Go to page of
Similar user manuals
-
Network Router
Raritan Computer DKX432
106 pages 2.77 mb -
Network Router
Raritan Computer KX2-216
188 pages 10 mb -
Network Router
Raritan Computer KX2-116
188 pages 10 mb -
Network Router
Raritan Computer KX2-416
188 pages 10 mb -
Network Router
Raritan Computer CCA-0N-V5.1-E
420 pages 3.84 mb -
Network Router
Raritan Computer DKX232
106 pages 2.77 mb -
Network Router
Raritan Computer DKX216
106 pages 2.77 mb -
Network Router
Raritan Computer DKX464
106 pages 2.77 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of Raritan Computer CCA-0N-V5.1-E, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Raritan Computer CCA-0N-V5.1-E one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Raritan Computer CCA-0N-V5.1-E. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of Raritan Computer CCA-0N-V5.1-E should contain:
- informations concerning technical data of Raritan Computer CCA-0N-V5.1-E
- name of the manufacturer and a year of construction of the Raritan Computer CCA-0N-V5.1-E item
- rules of operation, control and maintenance of the Raritan Computer CCA-0N-V5.1-E item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Raritan Computer CCA-0N-V5.1-E alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Raritan Computer CCA-0N-V5.1-E, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Raritan Computer service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Raritan Computer CCA-0N-V5.1-E.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the Raritan Computer CCA-0N-V5.1-E item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Copyrigh t © 2011 Raritan, In c. CCA - 0N -v5.1-E February 2011 255 - 80 - 5140 - 00 - 0N CommandCenter Sec ure Gateway A dministrators Guide Release 5.1[...]
-
Page 2
This docum ent contains proprietary inform ation that is protected b y copyright. All rights reserv ed. No part of this docum ent ma y be photocopied, reproduc ed, or translated into another language without express prior written co nsent of Raritan, I nc. © Copyright 2011 Rar itan, Inc. All third -party soft ware and hardware m entioned in this d[...]
-
Page 3
iii Contents What's New in the CC-SG Administrators Guide xvii Chapter 1 Introduction 1 Prerequisites .................................................................................................................................. 1 Term inology /Acron y ms .....................................................................................[...]
-
Page 4
Contents iv Licensing - Lim ited Operation Before Lice nse Install .................................................................. 28 Licensing - Existi ng Custom ers ................................................................................................... 29 Licensing - Rehost ing ......................................................[...]
-
Page 5
Contents v Discovering Devices .................................................................................................................... 53 Adding a Device ................................ ........................................................................................... 54 Add a KVM or Serial D evice ...........................[...]
-
Page 6
Contents vi Copying Device Conf iguration ..................................................................................................... 87 Restarting a Device ...................................................................................................................... 88 Pinging the Device ..........................................[...]
-
Page 7
Contents vii Adding Location and Co ntacts to a Node Prof ile ....................................................................... 111 Adding Notes to a Nod e Profile ................................................................................................ . 111 Configuring the Virtual Inf rastructure in CC - SG ..........................[...]
-
Page 8
Contents viii Limit the Num ber of KVM Sessions per User ............................................................................ 162 Configuring Access Auditing for User G roups ........................................................................... 162 Adding, Editing, and D eleting Users ..................................................[...]
-
Page 9
Contents ix Specify a Base DN ........................................................................................................... 189 Specifying Modules f or Authentication and Aut horization ......................................................... 189 Establishing Order of External AA Servers ..............................................[...]
-
Page 10
Contents x Audit Trail Report ....................................................................................................................... 210 Error Log Report ........................................................................................................................ 211 Access Report ........................................[...]
-
Page 11
Contents xi Chapter 15 Adv a nced Administration 237 Configuring a Mess age of the Da y ............................................................................................ 237 Configuring Applications for Accessing Nodes .......................................................................... 238 About Applications f or Accessing Nodes .[...]
-
Page 12
Contents xii Refresh a Neighborho od ................................................................................................ . 2 66 Delete a Neighborhood .................................................................................................... 266 Security Manager ................................ ................................[...]
-
Page 13
Contents xiii Navigate Adm inistrator Console ...................................................................................... 305 Edit Diagnostic Consol e Configuration ............................................................................ 306 Edit Network Interfaces Configuration (N etwork Interfaces ) ................................[...]
-
Page 14
Contents xiv A ppendix B CC -SG a nd Network Configuration 349 Required Open Ports f or CC -SG Network s: Executive Summ ary ............................................. 349 CC -SG Comm unication Channels ............................................................................................. 350 CC -SG and Raritan De vices ..................[...]
-
Page 15
Contents xv A ppendix C User Group Privileges 357 A ppendix D SNMP Traps 366 A ppendix E CSV File Imports 368 Comm on CSV File Requirem ents .............................................................................................. 369 Audit Trail Entries f or Importing ...........................................................................[...]
-
Page 16
Contents xvi User Inform ation ........................................................................................................................ 389 Node Inform ation ....................................................................................................................... 389 Location Inform ation ..............................[...]
-
Page 17
xvii The following sections h ave changed or inform ation has been added to the Comm andCenter Secure Gatewa y Administrators G uide based on enhancem ents and changes to the equipm ent and/or docum entation. Add a License (o n page 30 ) Pause and Resume Management of Devices Using a Scheduled Task (on page 89 ) IBM IMM Module Conne cti[...]
-
Page 18
[...]
-
Page 19
1 The Comm andCenter Secure Gatewa y (CC-SG) Adm inistrators Guide offers instructions for adm inistering and m aintaining your CC -SG. This guide is intende d for adm inistrators who typically hav e all available privileges. Users who are not adm inistrators should s ee Raritan's Command Center Secure Gatewa y User Guide . In This Chapter Pre[...]
-
Page 20
Chapter 1 : I ntroduction 2 Terminology/Acronyms Terms and acron yms found in this docum ent include: Access Client - HT ML-based client int ended for use b y normal access users who need to acces s a node m anaged by CC- SG. The Access Client does not allo w the use of adm inistration function s. Admin Client - J ava-based client for CC -SG useabl[...]
-
Page 21
Chapter 1 : Intro duction 3 Ghosted Ports - when managing Parag on devices, a ghosted port can occur when a CIM or tar get server is rem oved from the s y st em or powered off (m anually or accidentall y). See Rar itan's Paragon II User Guide. Hostname - c an be used if DNS ser ver support is enabled. S ee About Network Setup ( on page 242). T[...]
-
Page 22
Chapter 1 : I ntroduction 4 Node Groups - a defined group of nodes that are acces sible to a user. Node groups are use d when creating a po licy to control acces s to the nodes in the group. Ports - connection po ints between a Rarit an device and a n ode. Ports exist only on Raritan d evices, and the y identify a pathwa y from that device to a nod[...]
-
Page 23
5 You can access CC -SG in several ways: Browser: CC-SG s upports numerous web browsers (for a com plete list of supported bro wsers, see the Com patibility Matrix on the Raritan Support website). Thick Client: You can inst all a Java W eb Start thick client on your client computer. T he thick client functions exactl y like the browser-base[...]
-
Page 24
Chapter 2 : A ccessing CC- SG 6 JRE Incompatibilit y If you do not have the m inimum required version of JRE installed on your client computer, you will see a warning m essage before you can access the CC -SG Adm in Client. The JRE Incom patibility W arning window opens when CC-SG c annot find the required JRE file on your client computer. If you s[...]
-
Page 25
Chapter 2 : Ac cessing CC- SG 7 4. If the CC-SG is conf igured for secure bro wser connections, you m ust select the Secure Socket Layer (SSL) check box. If the CC -SG is not configured for secur e browser c onnections, you mus t deselect the Secure Sock et Layer (SSL) check box. This setting m ust be correct or the thick client wi ll not be able t[...]
-
Page 26
Chapter 2 : A ccessing CC- SG 8 CC -SG Admin Client Upon valid login, the C C-SG Adm in Client appears.[...]
-
Page 27
Chapter 2 : Ac cessing CC- SG 9 Nodes tab: Click the Nodes tab to displa y all known target nodes in a tree view. Click a node to view the Node Profile. Interfac es are grouped under the ir parent nodes. Click the + and - s igns to expand or collapse the tree. R ight-click an interface and select Connect to connect to that interf ace. You can s[...]
-
Page 28
10 Before you can begi n configuring and working in CC -SG, you m ust have valid licenses installed . Then, upon first login, you should confirm the IP address, set the CC- SG server tim e, and check the f irmware and application versions ins talled. You ma y need to upgrade the firm ware and applications. Once you have com pleted your initial conf[...]
-
Page 29
Chapter 3 : Ge t ting Started 11 Licensing - Basic License Information Licenses are base d on the num ber of nodes configured in CC -SG. Your purchase of a ph ysical or virtual applianc e includes a license t o use a specific number of nodes. This "base lice nse" enables CC -SG functionality and includes licensing for up to the set num be[...]
-
Page 30
Chapter 3 : Ge tt ing Star t ed 12 CC -SG product Description Information needed to create license for first time CC - V1 -256 CC -SG V1 Appliance, includes 256 Node Lice nse Host ID of the CC- SG unit CCSG128- VA CC -SG Virtual Applianc e, includes 128 Node Lice nse Host ID of th e W indows or Linux license server Hostnam e or IP address o[...]
-
Page 31
Chapter 3 : Ge t ting Started 13 3. Check the num ber of nodes in your database on this page. You can determine how m any more nodes you can add up to your licensed limit.[...]
-
Page 32
Chapter 3 : Ge tt ing Star t ed 14 Licensing - New Customers - Physical Appliance If you are a new custom er who has just purc hased a physical CC - SG 5.0 appliance, follow these instructions to ensure that you have valid licenses installed and activated. Step 1 - Get your li cense: 1. The license adm inistrator designated at tim e of purchase wil[...]
-
Page 33
Chapter 3 : Ge t ting Started 15 4. Click the link in the em ail to go to the S oftware License Ke y Login page on Raritan's website and login with the user ac count just created. 5. Click the Product License tab. The licenses you purchased displ ay in a list. You ma y have only 1 license, or m ultiple licenses. See Available Licenses (on page[...]
-
Page 34
Chapter 3 : Ge tt ing Star t ed 16 Step 3: Check out the l icenses you want to activ ate: You must check out licenses to activate the f eatures. Select a license from the list then click Check Out. Check out all the licenses you want to acti vate. Licensing - Cluster s - New Customers A Cluster Kit license en ables 2 CC -SG physical units o per[...]
-
Page 35
Chapter 3 : Ge t ting Started 17 Licensing - Virtual Appliance with License Server The CC-SG virtua l appliance requires you to install a license server t o host your license. Rari tan provides the license s erver sof tware and tools and a vendor daem on, which you install on a physical server. See Virtual Appliance Insta llation Requirement s (on [...]
-
Page 36
Chapter 3 : Ge tt ing Star t ed 18 Download Inst allation Files The complete set of installation files is available at http://www.raritan.c om/support/Comm andCenter-Secu re-Gatewa y/. You must log in to the R aritan Licens ing Portal to acce ss these files at this link. See Get You r License (o n page 19 ). If you prefer not to do wnload the .OVF [...]
-
Page 37
Chapter 3 : Ge t ting Started 19 7. Move the Raritan vend or daem on file using this command: cp raritan /home/flex/flexserverv11.8/i86_lsb/ 8. Enter this comm and: chmod +x raritan 9. Make sure you have the redhat-lsb package installed. To install it, run yum install redhat-lsb as root. Windows Server 1. Unpack the flexserver v11.8- win.zip file t[...]
-
Page 38
Chapter 3 : Ge tt ing Star t ed 20 3. Check y o ur email for anoth er message fr om Raritan Licensing Port al from the em ail address licensing@raritan.com , with the subj ect line Your Raritan Comm andcenter SG Software License K ey is Available. 4. Click the link in the em ail to go to the S oftware License Ke y Login page on Raritan's websi[...]
-
Page 39
Chapter 3 : Ge t ting Started 21 Linux: su - root; dmidecode -s system-uuid W indows: Use cd to change to the /flexnet -win/i86_n 3 directory, then run dmidecode - s system - uuid Enter the TCP port n umber that CC- SG will use to communicate with the license server. T he default port is 27000. If the license serv er is behind a f irewa[...]
-
Page 40
Chapter 3 : Ge tt ing Star t ed 22 2. Enter this comm and to change to the director y. cd c:flexnet-win i86_n3 3. Run lmgrd to start the ser ver. In the sam ple comm ands, "license-file.lic" is the f ile nam e of the .LIC file. If you have more than 1 license file, you must specify each file nam e in the c omm and, separating the file[...]
-
Page 41
Chapter 3 : Ge t ting Started 23 b. T y pe and then confirm the new password. The new pa ssword must be a strong pas sword consisting of at least eight characters that are a com bination of letters and num bers. 3. Press CTRL+X when you see the W elcome screen. 4. Choose Operation > N etwork Interfaces > Network Interfac e Config. The Adm ini[...]
-
Page 42
Chapter 3 : Ge tt ing Star t ed 24 6. Select the CCSG12 8-VA base license t hen click Check -Out to activate it. 7. To activate Add-On licenses, select each license t hen click Check- Out. See the CC-SG Administrators Guide for more details about licenses. See the Flexera ™ F lexNet Publisher ® docum entation for more details about managing your[...]
-
Page 43
Chapter 3 : Ge t ting Started 25 Restart License Servers After an Outage If the license server go es down, and then res umes operation, or if you move, add or delete l icense files, you should res tart the license server. Restarting the license ser ver ensures that CC -SG is s ynchronized wit h the most curr ent information. Note: A Windows license[...]
-
Page 44
Chapter 3 : Ge tt ing Star t ed 26 lmdown Allows for the gracef ul shutdown of selected license daem ons. lmdown -vendor raritan is used to shut down the Rarita n vendor daemon lmhostid Allows the user to retri eve the host ID of the current platform . Includes the – u uid, and, – hostdom ain or – internet argum ents lminstall Allows conversi[...]
-
Page 45
Chapter 3 : Ge t ting Started 27 lmver Reports the version of a FLEXnet Publisher librar y or binary file, such as lmgrd, lm admin, lmdown, vendor daem on. Install or Upgrade VM ware Tools VMware Tools is recom mended b y VMware for all virtual machine deployments. Once you install VMware Too ls on your Comm andCenter Secure Gatewa y virtual applia[...]
-
Page 46
Chapter 3 : Ge tt ing Star t ed 28 Licensing - Limited Operation Before License Install Until you have installed a nd check ed out the proper licenses , CC-SG operations are lim ited. Only the following m enu choices are enabl ed. Diagnostic Console: T o retrieve necess ary information and logs, configure network interfaces. Note: You can acc e[...]
-
Page 47
Chapter 3 : Ge t ting Started 29 Licensing - Existing Customers If you are an existing CC -SG c ustomer, with a ph ysical CC-SG appliance, when you upgrade you r CC- SG unit to 5.0 or hig her, a license file is created and insta lled that allows you to continue using CC -SG with the number of nodes configured at the tim e of upgrade . All existing [...]
-
Page 48
Chapter 3 : Ge tt ing Star t ed 30 A dd a Licens e You can add a license t o CC- SG if you purchase a new add-on license, or need to replace your licenses. W hen replacing licenses, add the base license f irst. Add -on licenses associated with the pre vious base license will b e deleted autom atically if they are not valid with the new base license[...]
-
Page 49
Chapter 3 : Ge t ting Started 31 Only the CC Super -User and users with similar privileg es can configure Time and Date. Changing the tim e zone is disab led in a cluster conf iguration. To configu re the CC-SG server time and date: 1. Choose Administrat ion > Configuration. 2. Click the Tim e/Date tab. a. To set the date and t ime manually: [...]
-
Page 50
Chapter 3 : Ge tt ing Star t ed 32 Checking and Upgrading Application Versions Check and upgrade the CC- SG applications, including Raritan Console (RC) and Raritan Rem ote Client (RRC). To check an application version: 1. Choose Administrat ion > Applicati ons. 2. Select an Application nam e from the list. Note the number in the Version field. [...]
-
Page 51
33 Guided Setup off ers a simple way to com plete initial CC -SG configuration task s once the network configuration is com plete. The Guided Setup interf ace leads you through the process of def ining Associations, discoverin g and adding de vices to CC- SG, creating de vice groups and node grou ps, creating user grou ps, assigning policies a nd p[...]
-
Page 52
Chapter 4 : Con figuring CC- S G with Guided Setup 34 A ssocia tions in Guided Setup Create Categories and Elements To create categorie s and elements in Gu ided Setup: 1. In the Guided Setup window, click Ass ociations, and then click Create Categories in the left panel to open the Cr eate Categories panel. 2. In the Categor y Name field, type the[...]
-
Page 53
Chapter 4 : Con figuring CC- S G with Guided Setup 35 Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task . You can also click Device Setup, and then c lick Discover Devices in th e Guided Tasks tree view in the left panel to open the Discover Devices pa nel. To discov er and add dev[...]
-
Page 54
Chapter 4 : Con figuring CC- S G with Guided Setup 36 14. If you are m anually adding a PowerStr ip device, click the Number of ports drop-do wn arrow and select the n umber of outlets the PowerStrip contains. 15. If you are adding an I PMI Server, t ype an Interval, used to chec k for availability, and an Authe ntication Method, which needs to m a[...]
-
Page 55
Chapter 4 : Con figuring CC- S G with Guided Setup 37 3. There are two wa ys to add devices to a group, Select Devices and Describe Devices. T he Select Devices tab a llows you to select which devices you want to assi gn to the group b y selecting th em from the list of available devices . The Describe De vices tab allows you to specify rules that [...]
-
Page 56
Chapter 4 : Con figuring CC- S G with Guided Setup 38 Select Nodes a. Click the Select Nod es tab in the Node Gr oup: New panel. b. In the Available list, se lect the node you want t o add to the group, and then click Add to m ove the node into the Selected list. Nodes in the Se lected list will be added t o the group. c. To remove a node fr om[...]
-
Page 57
Chapter 4 : Con figuring CC- S G with Guided Setup 39 Add User Groups and Us ers The Add User Group p anel opens when you click Continue at th e end of the Create Groups task . You can also click User Managem ent, and then click Add User Gro up in the Guided T asks tree view in the lef t panel to open the Add User Grou p panel. To add user groups a[...]
-
Page 58
Chapter 4 : Con figuring CC- S G with Guided Setup 40 13. Select the Login Enab led checkbox if you want the us er to be able to log in to CC-SG. 14. Select the Rem ote Authentication check box only if you want the us er to be authenticated b y an outside server, such as TACACS+, RADIUS, LDAP, or AD. If you are usin g remote authenticati on, a pass[...]
-
Page 59
41 In This Chapter About Associations .................................................................................. 41 Adding, Editing, and D eleting Categories a nd Elements ........................ 42 Adding Categories an d Elem ents with CSV File Import .......................... 43 A bout A ss ociations You can set up Ass ociations to help[...]
-
Page 60
Chapter 5 : A ssociation s , Categori es, and Elements 42 Policies also use cate gories and elem ents to control us er access to servers. For exam ple, the categor y/element pair Loca tion/America can be used to create a P olicy to control user access to servers in Am erica. See Policies for Ac cess Control (on page 175 ). You can assign m ore than[...]
-
Page 61
Chapter 5 : Associations, Categorie s , and Ele m ents 43 Select Integer if the value is a number. 5. In the Applicable For f ield, select wheth er this category applies t o: Devices, Nodes, or D evice and Nodes. 6. Click OK to create th e new categor y. The new categor y name appears in the Cate gory Nam e field. Delete a Categor y Deleting a [...]
-
Page 62
Chapter 5 : A ssociation s , Categori es, and Elements 44 Categories and Elem ents CSV File Requ irements The categories and el ements CSV f ile defines the categories, t heir associated elem ents, their type, and whether the y apply to devices, nodes or both. All CATEGORY and CATEGORYELEM ENT records a re related. A CATEGOR Y record must have [...]
-
Page 63
Chapter 5 : Associations, Categorie s , and Ele m ents 45 Sample Categories and Elements CSV File ADD, CATEGOR Y, OS, String, Nod e ADD, CATEGOR YELEMENT, OS, UNIX ADD, CATEGOR YELEMENT, OS, W INDOW S ADD, CATEGOR YELEMENT, OS, LINUX ADD, CATEGOR Y, Location, String, De vice ADD, CATEGOR YELEMENT, Location, Aisle 1 ADD, CATEGOR YELEMENT, Location, [...]
-
Page 64
Chapter 5 : A ssociation s , Categori es, and Elements 46 Export Categories and Element s The export file conta ins comm ents at the top that descr ibe each item in the file. The comm ents can be used as instructio ns for creating a file f or importing. To export categories and elements: 1. Choose Administrat ion > Export > Export C ategories[...]
-
Page 65
47 To add Raritan Po werStrip Devices that are co nnected to other Rar itan devices to CC-SG, se e Managed PowerStr ips (on pa ge 93 ). Note: To configure i LO/RILOE devices, IPMI d evices, Dell DR AC devices, IBM RSA dev ices, or other non -Raritan devic es, use the Add Node menu and add t hese items as an interfac e. See Nodes, Node Groups, and I[...]
-
Page 66
Chapter 6 : Dev ices, Device Groups, and Ports 48 Viewing Devices The Devices T ab Click the Devices tab t o display all devices und er CC- SG m anagement. Each device's configure d ports are nested under t he devices the y belong to. Devices with configure d ports appear in the list with a + s y m bol. Click the + or - to expand or collapse t[...]
-
Page 67
Chapter 6 : Dev ices, Device Groups, and Por ts 49 Icon Meaning Serial port unavailable Ghosted port (See R aritan's Paragon II User Guide for deta ils on Ghosting Mode.) Device paused Device unavailable Power strip Outlet port Blade chassis available Blade chassis unavail able Blade server available Blade server una vailable Port Sorting Opti[...]
-
Page 68
Chapter 6 : Dev ices, Device Groups, and Ports 50 Note: For blade serv ers without an int egrated KVM switc h, such as HP BladeSystem servers , their parent device is th e virtual blade chassis t hat CC -SG creates, not the KX2 device. These serv ers will be sorte d only within the virtual blade c hassis device so they will not appear in order with[...]
-
Page 69
Chapter 6 : Dev ices, Device Groups, and Por ts 51 The Device Profile inclu des tabs that contain inf ormation about the device. Associations tab The Associations tab c ontains all categories and elements assigned to the node. You can chan ge the associations b y making different selections. See A ssociations, Categor ies, and Element s (on page 41[...]
-
Page 70
Chapter 6 : Dev ices, Device Groups, and Ports 52 2. Choose Devices > Device Manager > T opology View. T he Topolog y View for the selecte d device appears. Click + or - to expan d or collapse the v iew. Right Click Options in t he Devices Tab You can right-click a device or port in the D evices tab to displa y a menu of comm ands availab[...]
-
Page 71
Chapter 6 : Dev ices, Device Groups, and Por ts 53 Discovering Devices Discover Devices init iates a search for all de vices on your network. After discovering the devices, you ma y a dd them to CC -SG if the y are not already managed. To discov er devices: 1. Choose Devices > Discover Devices. 2. T y pe the r ange of IP addre sses where you exp[...]
-
Page 72
Chapter 6 : Dev ices, Device Groups, and Ports 54 A dding a De vice Devices m ust be added to CC -SG before you can configure ports or add interfaces that provide acc ess to the nodes c onnected to ports. T he Add Device screen is used to a dd devices whose prop erties you know and can provide to CC- SG. To search f or devices to a dd, use the Disc[...]
-
Page 73
Chapter 6 : Dev ices, Device Groups, and Por ts 55 6. T y pe the time (in seconds) that should elapse bef ore tim eout between the new de vice and CC- SG in the Heartbeat ti meout (sec) field. 7. W hen adding a Dominion SX or Dom inion KX2 version 2.2 or later device, the Allow Direct D evice Access c heckbox enables access to targets directl y thr[...]
-
Page 74
Chapter 6 : Dev ices, Device Groups, and Ports 56 14. If the firmware versio n of the device is not com patible with CC -SG, a message appears. Click Yes to add the dev ice to CC- SG. You can upgrade the device f irmware after adding it to CC-SG. See Upgrading a Device (on page 82 ). Add a PowerStrip Dev ice The process of adding a PowerStrip Devic[...]
-
Page 75
Chapter 6 : Dev ices, Device Groups, and Por ts 57 If you do not see the Cate gory or Elem ent values you want t o use, you can add others . See Association s, Categori es, and Elements (on pag e 41). 8. W hen y ou are done conf iguring this device, click Apply to add this device and open a ne w blank Add Device scree n that allows you to conti[...]
-
Page 76
Chapter 6 : Dev ices, Device Groups, and Ports 58 2. T y pe the new device prope rties in the appropriate f ields on this screen. If necessar y, edit the Categories an d Elements associate d with this device. 3. Click the Outlet tab t o view all outlets of this PowerStrip. 4. If an outlet is associat ed with a node, click the Node hyperlink to open[...]
-
Page 77
Chapter 6 : Dev ices, Device Groups, and Por ts 59 A dding Location and Contacts to a Device Profile Enter details about t he location of the de vice and contact in form ation for the people who adm inister or use the de vice. To add location and contacts to a dev ice profile: 1. Select a device in the D evices tab. The De vice Profile page opens. [...]
-
Page 78
Chapter 6 : Dev ices, Device Groups, and Ports 60 Configuring Ports If all ports of a device were not automaticall y added by selecting Configure all ports when you added the de vice , use th e Configure Ports screen to add individual ports or a set of ports on the device to CC -SG. On ce you configure ports, a no de is created in CC -SG f or each [...]
-
Page 79
Chapter 6 : Dev ices, Device Groups, and Por ts 61 3. Click the Configure butto n that corresponds to the KVM port you want to configure. 4. T y pe a p ort name in the Po rt Nam e field. For ease of us e, name the port after the target th at is connected to the port. See Naming Conventions (on page 389) for details on CC-SG's rules for nam e l[...]
-
Page 80
Chapter 6 : Dev ices, Device Groups, and Ports 62 3. Click the Access Appl ication drop-d own menu and se lect the application you want to use when you connect t o this port from the list. To allow CC-SG t o autom atically select the correct app lication based on your bro wser, select Auto-Det ect. 4. Click OK to save your changes. To edit a KSX2 o[...]
-
Page 81
Chapter 6 : Dev ices, Device Groups, and Por t s 63 3. Select the check box of the port you want to d elete. 4. Click OK to delete the se lected port. A m essage ap pears when the port has been deleted. Configuring a Blade Chassis Device Connected to KX2 Blade Chassis Ov erview There are two t ypes of blade chassis devices: one is with an integrate[...]
-
Page 82
Chapter 6 : Dev ices, Device Groups, and Ports 64 Add a Blade Cha ssis Device The procedure to ad d a blade chassis d evice varies dependin g on the blade chassis t ype. A blade chassis dev ice always show t wo names i n the Devices tab: the name without the par entheses is retrie ved from the KX2 device, and the name within the par entheses is the[...]
-
Page 83
Chapter 6 : Dev ices, Device Groups, and Por ts 65 Configuring Slots on a Blade Chassis Device If the blade servers or s lots are not configur ed yet in CC -SG. you m ust configure them by following the procedure in this sec tion, or the blade servers do not app ear in the Devices and Nodes t abs. An Out - of -Band KVM interface is autom atically a[...]
-
Page 84
Chapter 6 : Dev ices, Device Groups, and Por ts 66 To configure each slot individually, click the Co nfigure button next to the slot. Then type a name for the slot in the P ort Name field, and type a node n ame in the Node Nam e field. The default Access Application is set according to th e default application selected for "Blade Ch assis:[...]
-
Page 85
Chapter 6 : Dev ices, Device Groups, and Por ts 67 To delete a slot using th e Delete Blade comman d: 1. In the Devices tab, c lick the + next to the KX2 d evice that is connected to the blade ch assis device. 2. Click the + next to th e blade chassis device whose slots you want to delete. 3. Right-click the blade s lot that you want to d elete. 4.[...]
-
Page 86
Chapter 6 : Dev ices, Device Groups, and Ports 68 Move a Blade Cha ssis Device to a Differ ent Port W hen phy s ically moving a bla de chassis device from one KX2 device or port to another KX2 d evice or port, CC -SG cannot dete ct and automatically update the configuration data of the blade chassis de vice to the new port. You must configure the b[...]
-
Page 87
Chapter 6 : Dev ices, Device Groups, and Por ts 69 Bulk Copying for Device Associations, Location and Contacts The Bulk Cop y command allows you to copy categories, elem ents, location and contact inf ormation from one device to multiple other devices. Note that the se lected inform ation is the only propert y copied in this process. If you have th[...]
-
Page 88
Chapter 6 : Dev ices, Device Groups, and Ports 70 Configuring Analog KVM Switches Connected to KX2 2.3 or Higher KX2 version 2.3 enabl es you to connect a generic a nalog KVM switch t o a target port. T he generic analog KVM s witch and its ports will be available as nodes to CC -SG . You must configure t his first in the KX2 web interface, and the[...]
-
Page 89
Chapter 6 : Dev ices, Device Groups, and Por ts 71 4. Select the check box for each slot you want to configure, then cl ick OK. To configu re slots from the Configu re Ports screen: 1. In the Devices tab, c lick the + next to the KX2 d evice that is connected to the K VM switch device. 2. Select the KVM switch device whose ports you want to configu[...]
-
Page 90
Chapter 6 : Dev ices, Device Groups, and Ports 72 Device Groups Overv iew Device groups are us ed to organize dev ices into a set. T he device group will becom e the basis for a polic y either allowing or den ying access to this particular set of de vices. See Adding a Policy (on page 1 76) . Devices can be groupe d manually, using the S elect meth[...]
-
Page 91
Chapter 6 : Dev ices, Device Groups, and Por ts 73 2. Click the New Group icon in the toolbar. The De vice Group: New panel appears . 3. In the Group Nam e field, type a nam e for a device group you want to create. See Naming Con ventions ( on page 389) f or details on CC - SG 's rules for nam e lengths. 4. There are two wa ys to add devices t[...]
-
Page 92
Chapter 6 : Dev ices, Device Groups, and Ports 74 Category - Select a n attribute that will be e valuated in the rule. All categories you created in the Association Manager ar e available here. If an y blade chassis has been configured i n the system , a Blade Chassis categor y is available b y default. Operator - Select a com parison opera[...]
-
Page 93
Chapter 6 : Dev ices, Device Groups, and Por ts 75 Example 2: If you want to describe a group of devices that belong to the engineering dep artment or are locate d in Philadelphia, and specify that all of the m achines m ust have 1 GB of mem ory, you must create three rules . Departm ent = Engineering (Rule0) Loc ation = Philadel phia (Rule1) Mem o[...]
-
Page 94
Chapter 6 : Dev ices, Device Groups, and Ports 76 Describe Method versus Select Method Use the describe m ethod when you want your group to be b ased on some attribute of the node or devices, such as the categories and elements. T he advantage of the describe m ethod is that when you add more devices or nodes with the sam e attributes as des cribed[...]
-
Page 95
Chapter 6 : Dev ices, Device Groups, and Por ts 77 A dding Devices w ith CSV File Import You can add devices to CC- SG by importing a CSV fi le that contains the values. You m ust have the Device, Port, and Node Management and CC Setup and Control pri vileges to import and ex port devices. You must be assigne d a policy that gives you access to all[...]
-
Page 96
Chapter 6 : Dev ices, Device Groups, and Ports 78 Column number Tag or value Details spaces or certain speci al characters. Dominion PX device names cannot include periods. Upon import, periods are converted t o hyphens. 5 IP Address or Hostnam e Required field. 6 Usernam e Required field. 7 Password Required field. 8 Heartbeat Default is configure[...]
-
Page 97
Chapter 6 : Dev ices, Device Groups, and Por ts 79 To add a port to t he CSV file: Use the DEVICE- PORT tag onl y if you add a device with Conf igure All Ports set to FALSE, a nd you want to specif y ports individuall y. The ports you add m ust be un-configured in CC- SG when you import the CSV file. Column number Tag or value Details 1 ADD The fir[...]
-
Page 98
Chapter 6 : Dev ices, Device Groups, and Ports 80 Column number Tag or value Details 6 Blade Nam e Optional. If left blank , the name assigned at the de vice level is used. If a name is entere d in the CSV file, it will be copied to the dev ice level. 7 Node Nam e Enter a nam e for the node that will be created when this bla de is configured. To ad[...]
-
Page 99
Chapter 6 : Dev ices, Device Groups, and Por ts 81 Column number Tag or value Details 2 DEVICE-CATEGORYELEME NT Enter the tag as sho wn. Tags are not case se nsitive. 3 Device Name Required field. 4 Category Nam e Required field. 5 Element Nam e Required field. Sample Devices C SV File ADD, DEVICE, DOMINION KX2, Lab - Test,192.168.50.123,ST Lab KVM[...]
-
Page 100
Chapter 6 : Dev ices, Device Groups, and Ports 82 6. To view more im port results details, check the Audit Trail re port. See Audit Trail Entries for Imp orting (on page 370 ). Export Devices The export file conta ins comm ents at the top that descr ibe each item in the file. The comm ents can be used as instructio ns for creating a file f or impor[...]
-
Page 101
Chapter 6 : Dev ices, Device Groups, and Por ts 83 Backing Up a Device Configuration You can back up all user configuration an d system conf iguration files for a selected device. If an ything happens to the device, you can restore th e previous configurat ions from CC -SG using the back up file created. The maxim um number of back up files that ca[...]
-
Page 102
Chapter 6 : Dev ices, Device Groups, and Ports 84 Restoring Device Configurations The following device t ypes allow you to restore a f ull backup of the device configuration. KX KSX KX101 SX IP -Reach KX2, KSX2, and KX2 -101 devices allo w you to choose which components of a back up you want to restore to the device. Protect[...]
-
Page 103
Chapter 6 : Dev ices, Device Groups, and Por ts 85 Restore All Configur ation Data Except Netw ork Set tings to a KX2, KSX2, or KX2-101 Device The Protected restore o ption allows you to restore all conf iguration data in a backup file, exc ept network settings, to a KX2, KSX 2, or KX2- 101 device. You can use the Protected option to res tore a bac[...]
-
Page 104
Chapter 6 : Dev ices, Device Groups, and Ports 86 Restore All Configur ation Data to a KX2, KS X2, or KX2 -101 Device The Full restore optio n allows you to restore all configuratio n data in a backup file to a KX2, K SX2, or KX2 -101 device. To restore all configu ration data to a K X2, KSX2, or KX2 -101 device: 1. Click the Devices tab and select[...]
-
Page 105
Chapter 6 : Dev ices, Device Groups, and Por ts 87 3. Click Upload. Naviga te to and select the de vice backup file. The f ile type is .rfp. Click Open. The device back up file uploads to CC -SG and appe ars in the page. Copying Device Configuration The following device t ypes allow you to cop y configurations from one device to one or m ore other [...]
-
Page 106
Chapter 6 : Dev ices, Device Groups, and Ports 88 Restarting a Device Use the Restart Dev ice function to restart a device. To restart a device 1. Click the Devices tab and select the device you want to restart. 2. Choose Devices > Device Manager > Rest art Device. 3. Click OK to restart the device. 4. Click Yes to confirm that all users acce[...]
-
Page 107
Chapter 6 : Dev ices, Device Groups, and Por t s 89 Resuming Management of a Device You can resum e CC-SG managem ent of a paused device to br ing it back under CC-SG contr ol. To resume CC-SG's management of a paused device: 1. Click the Devices tab and select the pause d device from the Devices tree. 2. Choose Devices > Device Manager >[...]
-
Page 108
Chapter 6 : Dev ices, Device Groups, and Ports 90 6. Select the devices to include in the task by selecting a device group from the Device Group drop-do wn list. Select the devic es to include in the Available list, the n use the arro w buttons to move the de vices to the Selected list. Dev ices in the Selected list will be included in the pause or[...]
-
Page 109
Chapter 6 : Dev ices, Device Groups, and Por ts 91 Disconnecting Users Administrators can term inate any user's sess ion on a de vice. This includes users who are perform ing any kind of operation on a d evice, such as connecting to ports, backing up the conf iguration of a device, restoring a device's c onfiguration, or upgrading th e fi[...]
-
Page 110
Chapter 6 : Dev ices, Device Groups, and Por t s 92 IP -Reach and UST -IP Administration You can perform administrative diagnostics on IP-Rea ch and UST- IP devices connected to your Paragon System setup directly from the CC -SG interface. After adding the Par agon System device to CC -SG, it appears in the Devices tree. To access Remote Us er Stat[...]
-
Page 111
93 There are three ways to conf igure power control using po werstrips in CC -SG. 1. All supported Raritan- brand powerstri ps can be connected to an other Raritan device and a dded to CC-SG as a Powerstrip d evice. Raritan-brand po werstrips include Dom inion PX and RPC powerstrips. Check the Com patibility Matrix f or supported versions . To conf[...]
-
Page 112
Chapter 7 : Ma naged Powerstrips 94 Configuring Powerstrips that are Managed by Anot her Device in CC - SG In CC-SG, m anaged powerstrips can be c onnected to one of the following devices: Dominion KX Dominion K X2 Dominion KX2- 101 Dominion SX 3.0 Dominion SX 3.1 Dominion KSX Dominion KSX2 Paragon II/Paragon II Syst[...]
-
Page 113
Chapter 7 : Ma naged Powerstrips 95 Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC -SG autom atically detects PowerStri ps connected to KX, KX 2, KX2-101, KSX2, and P2SC devices. You ca n perform the following tasks in CC-SG to conf igure and manage PowerStrips connected to these devices. Add a PowerStrip De vice Conne[...]
-
Page 114
Chapter 7 : Ma naged Powerstrips 96 Delete a PowerStrip Co nnected to a K X, KX2, KX2 -101, KSX2, or P2SC Device You cannot delete a Po werStrip connec ted to a KX, KX2, KX2 -101, KSX2, or P2SC de vice from CC-SG. You m ust physically disconnect the PowerStrip from the device to delete the Po werStrip f rom CC -SG. When you physicall y disconnect t[...]
-
Page 115
Chapter 7 : Ma naged Powerstrips 97 10. For each Categor y listed, click the Elem ent drop-do wn m enu and select the elem ent you want to appl y to the device. Selec t the blank item in the Elem ent field for each Categ ory you do not want to use. See Associations, Categories, and Elements ( on page 41 ) . Optional. 11. W hen y ou are done conf ig[...]
-
Page 116
Chapter 7 : Ma naged Powerstrips 98 Configuring Powerstrips Connected to SX 3.1 You can perf orm the following task s in CC-SG to conf igure and m anage Powerstrips connected t o SX 3.1 devices. Add a Powerstrip Conn ected to an SX 3.1 De vice ( on page 98 ) Move an SX 3.1's Power strip to a Different Po rt (on page 99 ) Delete a P[...]
-
Page 117
Chapter 7 : Ma naged Powerstrips 99 Move an SX 3.1's Powerstrip to a Different Po rt W hen y ou ph y s ically m ove a Powerstrip from one SX 3.1 device or port to another SX 3.1 de vice or port, you must delete the Po werstrip from the old SX 3.1 port and ad d it to the new SX 3. 1 port. See Delete a Powerstrip Connect ed to an SX 3.1 Device ([...]
-
Page 118
Chapter 7 : Ma naged Powerstrips 100 To configure m ultiple outlets with the default nam es shown in the screen, select the chec kbox for eac h outlet you want to configure, and then click OK to configure each outlet with the default name. To configure each out let individuall y, click the Configu re button next to the outlet, an d then typ[...]
-
Page 119
101 This section covers ho w to view, configure, a nd edit nodes and their associated interf aces, and how to create node gro ups. Connecting to nodes is covered brief ly. See Raritan's Co mmandCe nter Secure Gateway User Guid e for details on conn ecting to nodes. In This Chapter Nodes and Interfac es Overview ................................[...]
-
Page 120
Chapter 8 : Nod es, Node Groups, a nd I nterface s 102 Node Names Node names must be unique. CC-SG will prom pt you with options if you attempt to m anually add a node with an exist ing node nam e. W hen CC -SG autom atically adds nodes, a num bering system ensures that node names are un ique. See Naming Con ventions (on pa ge 389 ) for det ails on[...]
-
Page 121
Chapter 8 : Nod es, Node Groups, and Interfaces 103 Node Profile Click a Node in the Nod es tab to open t he Node Profile pag e. The Node Profile page includes ta bs that contain inf ormation about the node.[...]
-
Page 122
Chapter 8 : Nod es, Node Groups, and Interfaces 104 Interfaces tab The Interfaces tab cont ains all the node's interf aces. You can add, ed it, and delete interf aces on this tab, and se lect the default interf ace. Nodes that support virtual m edia include an addition al column that sho ws whether virtual m edia is enabled or disable d. Assoc[...]
-
Page 123
Ch apter 8 : Node s, Node Gr oups, and Interfaces 105 Control system s erver nodes, such as VM ware's V irtual Center, include the Control S ystem Data tab. The Control System Data tab conta ins inform ation from the control system s erver that is refreshed when the tab opens. You can acc ess a topology view of the v irtual infrastructure, lin[...]
-
Page 124
Chapter 8 : Nod es, Node Groups, and Interfaces 106 Service A c counts Service A ccounts Ov erview Service accounts are sp ecial login credent ials that you can assig n to multiple interfac es. You can save time b y assigning a service account t o a set of interfaces that often require a pass word change. You can u pdate the login credentials in t [...]
-
Page 125
Chapter 8 : Nod es, Node Groups, and Interfaces 107 Add, Edit, and Delete S ervice Acc o unts To add a service accoun t: 1. Choose Nodes > Ser vice Accounts. T he Service Accounts pa ge opens. 2. Click the Add Ro w icon to add a ro w to the table. 3. Enter a nam e for this service account in the Service Account N ame field. 4. Enter the usernam [...]
-
Page 126
Chapter 8 : Nod es, Node Groups, and Interfaces 108 2. Find the service acc ount whose pass word you want to chang e. 3. Enter the new pass word in the Password f ield. 4. Re -type the passwor d in the Retype Passwor d field. 5. Click OK. Note: CC-SG upda tes all interfaces that use t he service account to use the new login cred entials when you ch[...]
-
Page 127
Chapter 8 : Nod es, Node Groups, and Interfaces 109 A dding, Editing, and Dele ting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Node. 3. T y pe a n ame f or the node in the Node Nam e field. All node nam es in CC -SG m ust be unique. See Naming Co nventions ( on page 389) for details on CC- SG's ru[...]
-
Page 128
Chapter 8 : Nod es, Node Groups, and Interfaces 110 Nodes Created by Con figuring Port s W hen y ou configure the po rts of a device, a node is created automatically for eac h port. An interfac e is also created for each node. W hen a node is automaticall y created, it is given the sam e name as the port to which it is assoc iated. If this node nam[...]
-
Page 129
Chapter 8 : Nod es, Node Groups, and Interfaces 111 A dding Location and Contacts to a Node Profile Enter details about t he location of the nod e, and contact inform ation for the people who adm inister or use the no de. To add location and contacts to a node profile: 1. Select a node in the No des tab. The N ode Profile page opens . 2. Click the [...]
-
Page 130
Chapter 8 : Nod es, Node Groups, and Interfaces 112 Configuring the Virtual Infrastructure in CC- SG Terminology for Virtu al Infrastructure CC -SG uses the follo wing terminolog y for virtual infrastructure components. Term Definition Example Control System The Control S y s tem is the managing server. T he Control System manages one or m ore Virt[...]
-
Page 131
Chapter 8 : Nod es, Node Groups, and I nterface s 113 Virtual Nodes Overview You can configure your virtual infrastructure f or access in CC -SG. T he Virtualization page of fers two wizard tools, Add Control System wi zard and Add Virtual Host wi zard, that help you add control s y st ems , virtua l hosts, and their virtual m achines properl y. On[...]
-
Page 132
Chapter 8 : Nod es, Node Groups, and Interfaces 114 To use a service acc ount for authentication, s elect the Use Service Account Cr edentials check box. Select the serv ice account to use in the Service Account Nam e menu. or Enter a Usernam e and Password for a uthentication. Maxim um 64 characters each. 8. To allow users who access this [...]
-
Page 133
Chapter 8 : Nod es, Node Groups, and Interfaces 115 Use Ctrl+click or Shift+c lick to select m ultiple virtual machines that you want to add. In the Check /Uncheck Selected Rows sect ion, select the Virtual Machine check box. To add a VNC, RDP, or SSH interf ace to the virtual host nodes and virtual m achine nodes that wi ll be created,[...]
-
Page 134
Chapter 8 : Nod es, Node Groups, and Interfaces 116 One node for each v irtual host. Each virtual h ost node has a VI Client interfac e. Virtual Host nodes are n amed with their IP addresses or host nam es. One node for the contro l system . The control system node has a VI Client interface. C ontrol System nodes are nam ed "Virtual Ce[...]
-
Page 135
Chapter 8 : Nod es, Node Groups, and Interfaces 117 12. Add virtual m achines to CC- SG. One node will be crea ted for each virtual machine. Each as sociated virtual h ost will also be configured. Only one virtual host node will be added, even if the virtual host is associated with m ultiple virtual machines. To add one virtual m achine: Se[...]
-
Page 136
Chapter 8 : Nod es, Node Groups, and Interfaces 118 VI Client Interfaces VMware Viewer Interf aces Virtual Power Interf aces RDP, VNC, and S SH Interfaces, if specif ied b. Enter login credentials, if needed. Som e interface types do not require login credentials.: To use a Service Acc ount, select the Use Service Account Creden[...]
-
Page 137
Chapter 8 : Nod es, Node Groups, and Interfaces 119 5. Change the inform ation as needed. Se e Add a Con trol System with Virtual Hosts and Virtual Machines (on p age 113) and Add a Virtual Host with Virtual Machines ( on page 116) f or complete field descriptions. 6. Click Next. 7. Delete one or m ultiple virtual machines f rom CC -SG. To dele[...]
-
Page 138
Chapter 8 : Nod es, Node Groups, and Interfaces 120 Delete Control Systems and Virtual Hosts You can delete control s ystems and virtu al hosts from CC -SG. W hen y ou delete a control system, the virtual hosts a nd virtual m achines associated with it are not delete d. W hen y ou delete a virtual h ost, the control s ystems and virtual m achines a[...]
-
Page 139
Chapter 8 : Nod es, Node Groups, and In terface s 121 vSphere 4 Users M ust Install New Plug- In W hen upgrading your virtual environment f rom a previous vers ion to vSphere 4, you must remove the VM ware Remote Cons ole plug- in from the browser. After rem oving the plug- in, the correct pl ug-in for vSphere 4 will be installed the next t ime you[...]
-
Page 140
Chapter 8 : Nod es, Node Groups, and Interfaces 122 Synchronize the Virtual Infrastructure You can perform a synchronization of CC -SG with your virtual infrastructure. W hen y ou select a contro l s y st em for s ynchronization, the assoc iated virtual hosts will also be s ynchronized, whether or not you select the virtual hosts. To synchronize th[...]
-
Page 141
Chapter 8 : Nod es, Node Groups, and Interfaces 123 Reboot or Force Reboot a Virtual Host Node You can reboot or f orce reboot the virtual host ser ver. A Reboot operation perform s a normal reboot of the virtual host server when it is in maintenance m ode. A Force Reboot operatio n forces the virtual host server to reboot, e ven if the server is n[...]
-
Page 142
Chapter 8 : Nod es, Node Groups, an d I nterface s 124 Connecting to a Node Once a node has an i nterface, you can connect to that node through the interface in several diff erent ways. See Raritan's Comm andCenter Secure Gatewa y User Guide. To connect to a nod e: 1. Click the Nodes tab. 2. Select the node to which you want to connect and: ?[...]
-
Page 143
Chapter 8 : Nod es, Node Groups, and Interfaces 125 A dding, Editing, and Dele ting Interfaces Add an Interface Note: Interfaces for virtu al nodes, such as contro l system, virtual hosts, and virtual machines, c an only be ad ded using the Virt ualization tools under Nodes > Virtuali zation. See Co nfiguring the Vir tual Infrastructure in CC - [...]
-
Page 144
Chapter 8 : Nod es, Node Groups, and Interfaces 126 See Interfaces for O ut- of -Band KV M, Out- of -Band Serial Connections (on page 128) . Power Control Connectio ns: Power Control - DR AC: Select this item to create a p ower control connection to a Dell DR AC server. Power Control - iLO Processor: Select th is item to create a po wer con[...]
-
Page 145
Chapter 8 : Nod es, Node Groups, and Interfaces 127 Interfaces for In-Band Connections In -band connections inc lude RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, a nd TELNET . Telnet is not a secure acc ess m ethod. All usernames, passwords , and traffic are transm itted in clear text. To add an int erface for in-band con nections: 1. T y p[...]
-
Page 146
Chapter 8 : Nod es, Node Groups, and Interfaces 128 Microsoft RDP Connection Details If using a W indows XP client, you m ust have Term inal Server Client 6.0 or higher to connec t a Microsoft RDP interf ace from CC -SG. Update the Term inal Server Client to 6. 0 using this link: http://support.m icrosoft.com /kb/925876. Internet Explorer o[...]
-
Page 147
Chapter 8 : Nod es, Node Groups, and Interfaces 129 Interfaces for DRAC Power Control Connections To add an int erface for DRAC pow er control connections: 1. T y pe the IP Address or Ho stname f or this interface in the IP Address/Hostnam e field. 2. T y pe a T CP Port for this co nnection in the TCP Port field. D R A C 5 only. TCP Port is n ot re[...]
-
Page 148
Chapter 8 : Nod es, Node Groups, and Interfaces 130 RSA Interface Details W hen y ou create an In- Band RSA KVM or Power interface, CC -SG discards the usernam e and password assoc iated with the interf ace, and creates two user accounts on the RSA server. T his allows you to ha ve simultaneous KVM a nd power access to the RSA server. New usernam e[...]
-
Page 149
Chapter 8 : Nod es, Node Groups, and Interfaces 131 3. Power Strip Nam e: select the Power Strip or PX device th at provides power to the node. T he power strip or PX de vice mus t be configured in CC-SG before it appears in this list. 4. Outlet Name: select th e nam e of the outlet the node is plugged i nto. Optional. 5. T y pe a d escription of t[...]
-
Page 150
Chapter 8 : Nod es, Node Groups, and Interfaces 132 In terfaces for Power IQ Proxy Power Control Connections Add a Power IQ Prox y power control interfac e when you want to use CC -SG to control po wer to a Power IQ IT de vice that you've added to CC -SG as a node. T his enables you to contro l power to nodes connected to PDUs n ot managed b y[...]
-
Page 151
Chapter 8 : Nod es, Node Groups, and Interfaces 133 Web Browser Interface You can add a W eb Browser Interfac e to create a connection to a device with an em bedded web server, such as a Dominion PX . See Ex ample: Adding a Web Brows er Interface to a PX Node (on page 134). For a blade chassis with an integrated KVM s witch, if you have ass igned a[...]
-
Page 152
Chapter 8 : Nod es, Node Groups, and Interfaces 134 5. T y pe the f ield nam es for the usernam e and password f ields used in the login screen for th e web application in the Usern am e Field and Password Field. You m ust view the HT ML source of the login scr een to find the field nam es, not the field labels. See T ips for Adding a We b Browse r[...]
-
Page 153
Chapter 8 : Nod es, Node Groups, an d Interfaces 135 Results of Adding an Interface W hen y ou add an interf ace to a node, it appears i n the Interfaces table and the Default Interf ace drop-do wn menu of the Add Node or Node Profile screen. You ca n click the drop -down m enu to select the default interface to use when m aking a connection to t h[...]
-
Page 154
Chapter 8 : Nod es, Node Groups, and Interfaces 136 Bookmarking an Interface If you frequentl y access a node via a particular int erface, you can bookmark it so that it is readily available fr om your browser. To bookmark an interf ace in any brow ser: 1. In the Nodes tab, selec t the interf ace you want to bookm ark. Yo u must expand the node to [...]
-
Page 155
Chapter 8 : Nod es, Node Groups, and Interfaces 137 Configuring Direct Port Access to a Node You can configure D irect Port Access to a nod e using the Bookm ark Node Interface feature. See Bookmarking an Interface (o n page 136 ). Bulk Copying for Node Associations, Location and Contacts The Bulk Cop y command allows you to copy categories, elem e[...]
-
Page 156
Chapter 8 : Nod es, Node Groups, and Interfaces 138 Using Chat Chat provides a way for users connected to the sam e node to communicate with eac h other. You m ust be connected to a nod e to start a chat session for that node. Only users on the sam e node can cha t with each other. To start a chat session: 1. Choose Nodes > Chat > Start Chat [...]
-
Page 157
Chapter 8 : Nod es, Node Groups, and Interfaces 139 Nodes CSV File Requ irements The nodes CSV fi le defines the nodes , interfaces, and their details required to add them to CC-SG. Node names m ust be unique. If you enter du plicate node nam es, CC -SG adds a num ber in parentheses to the name to m ake it unique, and adds the node. If you are [...]
-
Page 158
Chapter 8 : Nod es, Node Groups, and Interfaces 140 Column number Tag or value Details 3 Node Nam e Enter the same value as entered for Raritan Port Nam e. 4 Raritan Device Nam e Required field. The device m ust already be added to CC -SG. 5 Port Num ber Required field. 6 Blade Slot/KVM Switch Port If the node is assoc iated with a blade, enter the[...]
-
Page 159
Chapter 8 : Nod es, Node Groups, and Interfaces 141 Column number Tag or value Details Raritan Port Nam e. 8 Baud Rate Valid for SX ports on ly. 9 Parity Valid for SX ports on ly. 10 Flow Control Valid for SX ports on ly. 11 Description Optional. To add an RDP interf ace to the CSV file: Column number in CSV file Tag or value Details 1 ADD The firs[...]
-
Page 160
Chapter 8 : Nod es, Node Groups, and Interfaces 142 Column number in CSV file Tag or value Details Default is Java. To add an SSH o r TELNET interface to the CSV file : Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD . 2 NODE- SSH- INTERFACE for SSH interfaces NODE- TELNET-INTERFAC E for T ELNET interfac[...]
-
Page 161
Chapter 8 : Nod es, Node Groups, and Interfaces 143 Column number Tag or value Details 6 TCP Port Default is 5900. 7 Service Account Nam e Optional. Leave blank if specif yi n g password. 8 Password Optional. Leave blank if specif yi n g service account. 9 Description Optional. To add a DR AC KVM, DRAC Pow er, ILO KVM , ILO Power, Integrity ILO2 Po[...]
-
Page 162
Chapter 8 : Nod es, Node Groups, and Interfaces 144 Column number Tag or value Details 7 Usernam e You must enter either a ser vice account or a usern ame and password. Leave blank if specifying service account. 8 Password You must enter either a ser vice account or a usern ame and password. Leave blank if specifying service account. 9 Description [...]
-
Page 163
Chapter 8 : Nod es, Node Groups, and Interfaces 145 Column number Tag or value Details 10 Description Optional. To add an IPM I power control interface to the CSV file: Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD . 2 NODE- IPMI-INTERFACE Enter the tag as sho wn. Tags are not case se nsitive. 3 Node N[...]
-
Page 164
Chapter 8 : Nod es, Node Groups, and In terface s 146 Column number Tag or value Details 5 Powerstrip Nam e Required field. 6 Outlet Required field. 7 Managing Device The nam e of the device that the power strip is connecte d to. Required field for a ll power strips except Dominion PX. 8 Managing Port The nam e of the port on the device that the po[...]
-
Page 165
Chapter 8 : Nod es, Node Groups, and Interfaces 147 Column number Tag or value Details 12 Description Optional. To add a Pow er IQ Proxy pow er control interface to the CSV file: See Power Control of Power IQ IT Devices (on pag e 337) for deta ils about configuring this interface type. Column number Tag or value Details 1 ADD The first c olu mn f o[...]
-
Page 166
Chapter 8 : Nod es, Node Groups, and Interfaces 148 To assign categori es and elements to a node to the CSV file: Categories and elem ents must alread y be created in CC -SG. You can assign m ultiple elem ents of the same category to a node in the CSV file. Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD[...]
-
Page 167
Chapter 8 : Nod es, Node Groups, an d I nterface s 149 If the file is not valid, an error m essage appears. Click O K and look at the Problem s area of the page f or a description of the problems with the file. Click Save to Fi le to save the proble m s list. Correct your C SV file and then tr y to validate it again. See Troubleshoot CSV File P[...]
-
Page 168
Chapter 8 : Nod es, Node Groups, and Interfaces 150 7. Import the .csv file. Se e Import Nodes (on page 148). A dding, Editing, and Dele ting Node Groups Node Groups Overv iew Node groups are use d to organize nodes into a set. The node gro up will become the basis for a polic y either allowing or de nying access to this particular set of nodes. Se[...]
-
Page 169
Chapter 8 : Nod es, Node Groups, and Interfaces 151 Add a Node Group To add a nod e group: 1. Choose Associations > Node Group. T he Node Groups Manager window appears 2. Choose Groups > Ne w. A tem plate for a node group a ppears. 3. In the Group Nam e field, type a nam e for a node group you want to create. See Naming Con ventions ( on page[...]
-
Page 170
Chapter 8 : Nod es, Node Groups, and Interfaces 152 To remove a node fr om the group, select the node nam e in the Selected list and click Remove. You can search for a n ode in either the Avai lable or Selected list. T y pe the se arch term s in the field belo w the list, and then click Go 4. If you want to create a p olicy that allows acce[...]
-
Page 171
Chapter 8 : Nod es, Node Groups, and Interfaces 153 An example rule m ight be Departm ent = Engineering, m eaning it describes all nodes that the category “Departm ent” set to “Engineering.” T his is exact l y what happens when you configure the associations dur ing an Add Node operat ion. 4. If you want to add anot her rule, click the Add [...]
-
Page 172
Chapter 8 : Nod es, Node Groups, and Interfaces 154 Note: You should have a space before and after operators & and |. Otherwise, the Short Expre ssion field may return t o the default expression, that is, Ru le0 & Rule1 & Rule2 an d so on, when you delete any rule from the table. 6. Click Validate when a desc ription has be en written i[...]
-
Page 173
Chapter 8 : Nod es, Node Groups, and Interfaces 155[...]
-
Page 174
156 User accounts are crea ted so that users can be assigned a usernam e and password to acces s CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges t o users them selves, only to user groups. A ll users must belong to at leas t one user group. CC -SG m aintains a centralized user l ist and user group l ist[...]
-
Page 175
Chapter 9 : U s ers and User Groups 157 The Users Tab Click the Users tab to d isplay all user groups a nd users in CC -SG. Users are nested un derneath the user gro ups to which the y belong. User groups with users assigned to them appear in the list with a + symbol next to them. Click the + to expand or col lapse the l ist. Active users - those c[...]
-
Page 176
Chapter 9 : U sers and User Groups 158 Default User Groups CC -SG is configured with three defau lt user groups: C C-Super Us er, System Adm inistrators, and CC Users. CC Super-User Group The CC Super-Us er group has f ull administrative and access privileges. Only one user can be a mem ber of this group. T he default usernam e is admin . You can c[...]
-
Page 177
Chapter 9 : U s ers and User Groups 159 A dding, Editing, and Dele ting User Groups Add a User Group Creating user groups f irst will help you organize users when the users are added. W hen a user group is created , a set of privileges is ass igned to the user group. Us ers assigned to the group will inherit those privileges. For exam ple, if you c[...]
-
Page 178
Chapter 9 : U sers and User Groups 160 The All Policies table l ists all the policies available on CC -SG. Eac h policy represents a rule al lowing or denying acces s to a group of nodes. See Policie s for Access Control (on page 17 5) for details on policies and ho w they are created. 9. In the All Policies list, sel ect a policy that you want to [...]
-
Page 179
Chapter 9 : U s ers and User Groups 161 7. Select the check box that corresponds to each privilege you want t o assign to the user gro up. Deselect a pri vilege to remove it from the group. 8. In the Node Acces s area, click the drop -down m enu for each kind of interface you want this group to have access through and select Control. 9. Click the d[...]
-
Page 180
Chapter 9 : U sers and User Groups 162 Limit the Number of KVM Sessions per User You can lim it the number of KVM sessions allowed per user for s essions with Dominion KXII, KSXII and KX (KX 1) devices. T his prevents any single user from using all available channe ls at once. W hen a user attempts a connection to a node that would ex ceed the limi[...]
-
Page 181
Chapter 9 : U s ers and User Groups 163 2. Select the Require Us ers to Enter Access Information W hen Connecting to a Node ch eckbox. 3. In the Message to Users field, enter a m essage that users will see when attempting to access a node. A def ault message is prov ided. 256 character m aximum. 4. Move the user groups t o enable access aud iting f[...]
-
Page 182
Chapter 9 : U sers and User Groups 164 If strong passwords are enabled, the passwor d entered must conform to the establ ished rules. The i nformation bar at the top of the screen will display mes sages to assist wit h the password requirements. See Advanced Administration (on page 237) for details on strong password s. 8. Select the Force Pass wor[...]
-
Page 183
Chapter 9 : U s ers and User Groups 165 4. In the New Pass word and Retype Ne w Password fields, t ype a new password to change this us er's password. Note: If Strong Passwords are enabled, the pass word entered mus t conform to the esta blished rules. The i nformation bar at the top of the screen will assist w ith the password requ irements. [...]
-
Page 184
Chapter 9 : U sers and User Groups 166 4. Users who are not as signed to the target group appear in the Users not in group list. Select the users you want to add f rom this list, and th en click > to move them to the Users in group list. Click the >> button t o move all users not in the group to the Users in group list. Select [...]
-
Page 185
Chapter 9 : U s ers and User Groups 167 Users CSV File R equirements The im port enables you to add user grou ps, users, and AD m odules, and assign policies and perm issions a nd user groups. Policies must alread y be created in CC -SG. T he import assigns the policy to a user group. You cannot create ne w policies via import. User Group n[...]
-
Page 186
Chapter 9 : U sers and User Groups 168 Column number Tag or value Details 2 USERGROUP-PERMISSION S Enter the tag as sho wn. Tags are not case se nsitive. 3 User Group Nam e Required field. User G roup names are case sensitive. 4 CC Setup and Contr ol TRUE or FALSE 5 Device Configuration Upgrade Managem ent TRUE or FALSE 6 Device Port Node Managemen[...]
-
Page 187
Chapter 9 : U s ers and User Groups 169 Column number Tag or value Details command ADD . 2 USERGROUP-ADMODULE Enter the tag as sho wn. Tags are not case se nsitive. 3 User Group Nam e Required field. User G roup names are case sensitive. 4 AD Module Nam e Required field. To add a user to CC- SG: Column number Tag or value Details 1 ADD The first c [...]
-
Page 188
Chapter 9 : U sers and User Groups 170 Column number Tag or value Details Periodically is set to T RUE, specif y the number of days after which password m ust be changed. Enter just the num ber, from 1 to 365 . To add a user to a user group: Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD . 2 USERGROUP-M[...]
-
Page 189
Chapter 9 : U s ers and User Groups 171 Import Users Once you've created the C SV file, validate it to check for errors then import it. Duplicate records are sk ipped and are not added. 1. Choose Administrat ion > Import > Im port Users. 2. Click Browse and selec t the CSV file to im port. Click Open. 3. Click Validate. The A nalysis Rep[...]
-
Page 190
Chapter 9 : U sers and User Groups 172 Your User Profile My Profile allows all users to view details abo ut their account, cha nge some details, and custom ize usab ility settings. It is the only way for the CC Super User accou nt to change the acc ount name. To view your profile: Choose Secure Gate way > My Profile. T he Change My Profile s cre[...]
-
Page 191
Chapter 9 : U s ers and User Groups 173 Find Matching String - Does not sup port the use of wildcards and will highlight the closes t match in the nod es, users, or devices as you type. The list will b e limited to those item s that contain the search criteria after c licking Search. 3. Click OK to save your changes. Change the CC- SG default f[...]
-
Page 192
Chapter 9 : U sers and User Groups 174 To log ou t all users of a User Group: 1. In the Users tab, select the user group you want t o log out of CC -SG. To log out m ultiple user groups, hold the Shift k ey as you click additional user groups. 2. Choose Users > User G roup Manager > Log out Users. T he Logout Users scr een appears with a [...]
-
Page 193
175 Policies are rules that def ine which nodes and dev ices users c an access, when they can acces s them , and whether virtual-m edia perm issions are enabled, where applicab le. The easiest wa y to create policies is to categorize your no des and devices into node groups and device gro ups, and then create policies t hat allow and den y access t[...]
-
Page 194
Chapter 10 : Policies for Access Co ntrol 176 A dding a Polic y If you create a polic y that denies access (Deny) to a node group or device group, you also must create a polic y that allows access (Control) for the selected n ode group or de vice group. Users will not automatically receive Control rights when the Den y policy is not in effect. To a[...]
-
Page 195
Chapter 10 : P olicies for Acc es s Control 177 14. If you selected Control in the Device/Node Acc ess Perm ission field, the Virtual Media Perm ission section will becom e enabled. In th e Virtual Media Perm ission field, select an opt ion to allow or den y access to virtual m edia available in the selected node or device groups for the designat e[...]
-
Page 196
Chapter 10 : Policies for Access Co ntrol 178 9. Select the check box that corresponds to each day you want this policy to cover. 10. In the Start Tim e field, type the tim e of day this policy goes into effect. The tim e must be in 24-Hour f ormat. 11. In the End Tim e field, type the time of day this polic y ends. The time must be in 24-H our for[...]
-
Page 197
Chapter 10 : P olicies for Acc es s Control 179 Support for Virtual Media CC -SG provides rem ote virtual media support for nodes connected to virtual media-enable d KX2, KSX2, and KX2 -101 devic es. For detailed instructions on acces sing virtual media with your device, see: Dominion KX II User Guid e Dominion KSX II Use r Guide Domini[...]
-
Page 198
180 Custom Views enab le you to specif y different ways to displa y the nodes and devices in the lef t panel, using Cate gories, Node Groups, an d Device Groups. In This Chapter T y pes of Custom Views ......................................................................... 180 Using Custom Views in the Adm in Client ..............................[...]
-
Page 199
Chapter 11 : Cu stom Views for Dev ic es and Node s 181 Using Custom Views in the Admin Client Custom Views for Node s Add a Custom View for Nodes To add a custom v iew for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Chan ge View > Create C ustom View. T he Custom View screen appears . 3. In the Custom View pa nel, click Add. The Add Cus[...]
-
Page 200
Chapter 11 : Cu stom Views for Dev ic es and N odes 182 2. Click the Nam e drop-down arrow an d select a custom view from the list. 3. Click Apply View. or Choose Nodes > Chan ge View. All defined c ustom views are opt ions in the pop-up m enu. Choose the custom view you want to appl y. Change a Custom View for Nodes 1. Click the Nodes tab. [...]
-
Page 201
Chapter 11 : Cu stom Views for Dev ic es and Node s 183 2. Choose Nodes > Chan ge View > Create C ustom View. T he Custom View screen appears . 3. Click the Nam e drop-down arrow, an d select a custom view from the list. Details of the item s included and their ord er appear in the Custom View Deta ils panel 4. In the Custom View pa nel, clic[...]
-
Page 202
Chapter 11 : Cu stom Views for Dev ic es and Node s 184 3. In the Custom View pa nel, click Add. The Add Custom Vie w window appears. 4. T y pe a n ame f or the new custom view in the Custom View Nam e field. 5. In the Custom View T ype section: Select Filter b y Device Group to create a cus tom view that displays only the de vice groups you sp[...]
-
Page 203
Chapter 11 : Cu st om View s for Devices and Nodes 185 2. Choose Devices > Change View > Creat e Custom View. The Custom View screen appears. 3. Click the Nam e drop-down arrow, an d select a custom view from the list. Details of the item s included and their o rder appea r in the Custom View Deta ils panel. To change a custom v iew's na[...]
-
Page 204
Chapter 11 : Cu stom Views for Dev ic es and Node s 186 Assign a Default Custom View for Devices To assign a default cu stom view for devices: 1. Click the Devices tab. 2. Choose Devices > Change View > Creat e Custom View. The Custom View screen appears. 3. Click the Nam e drop-down arrow, an d select a custom view from the list. 4. In the C[...]
-
Page 205
187 In This Chapter Authentication and Au thorization (AA) Overvi ew .................................. 187 Distinguished Nam es for LDAP and AD ................................................ 188 Specifying Modules f or Authentication and Aut horization ..................... 189 Establishing Order of External AA Servers ..........................[...]
-
Page 206
Chapter 12 : Re m ote Authenticatio n 188 2. CC -SG connects to t he external server and se nds the usernam e and password. 3. Usernam e and password are either accept ed or rejected and sen t back. If authenticatio n is rejected, this resu lts in a failed login attempt. 4. If authentication is succ essful, authorization is perf ormed. CC -SG check[...]
-
Page 207
Chapter 12 : Re m ote Authent ic atio n 189 Specify a Distinguished N ame for LD AP Distinguished Nam es for Netscape LDA P and eDirector y LDAP should follow this structure: user id (uid), organi zational unit (ou), organ ization (o) Specify a Username fo r AD W hen authenticating CC-SG users on an AD server by specif ying cn=administrator,cn=[...]
-
Page 208
Chapter 12 : Re m ote Authenticatio n 190 Establishing Order of External AA S ervers CC -SG will quer y the configured external authori zation and authentication servers in the order that you specify. If the first check ed option is unavailable, CC -SG will tr y the second, then the third, and so on, until it is successf ul. To establish the ord er[...]
-
Page 209
Chapter 12 : Re m ote Authe ntication 191 5. T y pe a n ame f or the AD server in the Module n ame field. The maxim um number of characters is 31. All printable charact ers may be used. The module nam e is optional and is specified only to distinguish this AD server m odule from an y others that you configure in CC -SG. The nam e is not[...]
-
Page 210
Chapter 12 : Re m ote Authenticatio n 192 UserNam e@raritan.com Raritan/UserNam e Note: The user spec ified must have perm ission to execute search queries in the AD dom ain. For example, the user may belong to a group within AD that has Group scope se t to Global, and Group type set to Security. 5. T y pe the password for the user account [...]
-
Page 211
Chapter 12 : Re m ote Authe ntication 193 5. T y pe a user' s attributes in t he Filter field so the se arch query will be restricted to only those entries that m eet this criterion. The default filter is objectclass=user, which means that on ly entries of the t ype user are searched. 6. Specify the wa y in which the search quer y will be perf[...]
-
Page 212
Chapter 12 : Re m ote Authenticatio n 194 3. T y pe a user' s attributes in t he Filter field so the se arch query for the user in the group will be restricted to onl y those entries that m eet th is criterion. For exam ple, if you specify cn=Groups,dc=rarit an,dc=com as the Base DN and (objectc lass=group) as the F ilter, then all entries tha[...]
-
Page 213
Chapter 12 : Re m ote Authe ntication 195 Editing an AD Module Once you have configure d AD modules, you can edit them at any time. To edit an AD module: 1. Choose Administrat ion > Security. 2. Click the Authenticatio n tab. All configured external Authorizat ion and Authentication Ser vers appear in a t able. 3. Select the AD m odule you want [...]
-
Page 214
Chapter 12 : Re m ote Authenticatio n 196 2. Click the Authenticatio n tab. All configured Authorization and Authentication Ser vers appear in a tabl e. 3. Select the AD server whose AD user grou ps you want to im port. 4. Click Import AD User Gr oups to retrieve a list of user group values stored on the AD serv er. If any of the user groups are no[...]
-
Page 215
Chapter 12 : Re m ote Authe ntication 197 Synchronizing AD with CC- SG There are several m ethods for s ynchronizing the inform ation on CC- SG with the inform ation on your AD serv er. Daily synchronization of all m odules: You can enable scheduled synchronization to a llow CC-SG to s ynchronize all AD modules dail y at the time you choose. S [...]
-
Page 216
Chapter 12 : Re m ote Authenticatio n 198 Synchronize All User Groups w ith AD You should synchron ize all user groups if you have made a change to a user group, such as m oving a user group from one AD m odule to another. You can also c hange the AD ass ociation of a user group manually, in the User Gr oup Profile's Active Director y Associat[...]
-
Page 217
Chapter 12 : Re m ote Authe ntication 199 Synchronize All AD Modules You should synchron ize all AD Modules when ever you change or de lete a user in AD, change user perm issions in AD, or mak e changes to a domain controller. W hen y ou synchronize a ll AD modules, CC -SG retri eves the user groups for all configured AD m odules, com pares their n[...]
-
Page 218
Chapter 12 : Re m ote Authentication 200 To disable dail y synchronization of all AD modules: 1. Choose Administrat ion > Security. 2. Click the Authenticatio n tab. All configured Authorization and Authentication Ser vers appear in a tabl e. 3. Deselect the Dail y synchronization of All Modu les checkbox. 4. Click Update to save your changes. C[...]
-
Page 219
Chapter 12 : Re m ote Authe ntication 201 Renaming and Moving AD Groups Renaming a group in AD: W hen an A D group that ha s been im ported into CC-S G changes its name in AD, CC-SG re ports a warning in t he Audit Trail when the name change is detected, either at synchronizatio n or when an aff ected AD user logs in for the f irst time after. &quo[...]
-
Page 220
Chapter 12 : Re m ote Authenticatio n 202 LDAP General Settings 1. Click the General tab. 2. T y pe the IP address or hos tname of the LDAP server in the IP Address/Hostnam e field. See Te rminology/Acronym s (on page 2) for hostnam e rules. 3. T y pe the port value in the Port f ield. The default port is 389. 4. Select "LDAP over S SL" i[...]
-
Page 221
Chapter 12 : Re m ote Authe ntication 203 2. Select Base 64 if you want the password to be se nt to the LDA P server with encr yption. Select Plain Tex t if you want the pass word to be sent to the LDAP serv er as plain text. 3. Default Digest: selec t the default encr yption of user passwords. 4. T y pe the user attribute and group members hip att[...]
-
Page 222
Chapter 12 : Re m ote Authent ic atio n 204 OpenLDAP (eDirecto ry) Configuration Setting s If using an OpenLD AP server for r emote authentication, use th is example: Parameter Name Open LDAP Paramete rs IP Address/Hostnam e <Directory Server I P Address> User Nam e CN=<Valid user id>, O =<Organization> Password <Password> U[...]
-
Page 223
Chapter 12 : Re m ote Authe ntication 205 A bout T ACA CS+ and CC- SG CC -SG users who are rem otel y authenticated by a T ACACS+ ser ver must be created on the TACACS+ server a nd on CC- SG. The user nam e on the TACACS + server and on CC -SG must be the s ame, although the passwords m ay be different. See Us ers and User G roups (on page 156 ). A[...]
-
Page 224
Chapter 12 : Re m ote Authenticatio n 206 A bout R ADIUS and CC- SG CC -SG users who are rem otel y authenticated by a RADIUS ser ver must be created on the R ADIUS server and o n CC-SG. The user nam e on the RADIUS server an d on CC-SG m ust be the sam e, although the passwords m ay be different. See Us ers and User G roups (on page 156 ). A dd a [...]
-
Page 225
Chapter 12 : Re m ote Authe ntication 207 Two-Factor A u thenticatio n Using R A DI US By using an RSA RADIU S Server that supp orts two-f actor authentication in conjunction with an R SA Authentication Man ager, CC -SG can m ake use of two-fac tor authentication schem es with dynam ic tokens. In such an environm ent, users logs into CC-SG b y firs[...]
-
Page 226
208 In This Chapter Using Reports ........................................................................................ 208 Audit Trail Report ................................................................................... 210 Error Log Report .................................................................................... 211 Access Rep[...]
-
Page 227
Chapter 13 : Rep orts 209 View Report Deta ils Double-click a ro w to view details of the report. W hen a row i s highlighted, press the Enter key to view details. All details of the selecte d report displa y in a dialog that appears, not just the details you can view in the report scr een. For example, the Acces s Report screen for nodes d[...]
-
Page 228
Chapter 13 : Re ports 210 Purge a Report's Data F rom CC - SG You can purge the data that appears in the A udit Trail and Error Lo g reports. Purging these rep orts deletes all d ata that satisf y the search criteria used. For exam ple, if you search f or all Audit Trail entries f rom March 26, 2008 throug h March 27, 2008, o nl y those record[...]
-
Page 229
Chapter 13 : Rep orts 211 3. You can limit the data that the report will contain by entering additional param eters in the Message T ype, Message, Usernam e, and User IP address f ields. Wildcards are acc epted in these fields except for the Mess age Type field. To limit the report to a type of mes sage, select a type i n the Message T ype fiel[...]
-
Page 230
Chapter 13 : Re ports 212 Click Purge to delete t he Error Log. See Purge a Repo rt's Data from CC- SG (on page 210) . A ccess Report Generate the Access report to view inf ormation about acces sed devices and nodes, when the y were accessed, and the us er who accessed them . To generate the Access Report: 1. Choose Reports > Access Rep[...]
-
Page 231
Chapter 13 : Rep orts 213 3. Click Apply. A ctive Users Report The Active Users report displays current users and user sess ions. You can select active users from the report and discon nect them f rom CC -SG. To generate the Active Users report: Choose Reports > Users > Active Users. To disconnect a use r from an active sess ion in CC -SG[...]
-
Page 232
Chapter 13 : Re ports 214 The Password Expirat ion field displa y s the num ber of days that the user can use the sam e password before being forced to change it. See Add a User (on pa ge 163). The Groups field disp lays the user groups t o which the user belongs. The Privileges field displ ays the CC- SG privileges assi gned to the use[...]
-
Page 233
Chapter 13 : Rep orts 215 Device Group Data Report The Device Group Data report displa y s device grou p inform at ion. To generate the Device Group Data report: 1. Choose Reports > D evices > Device Gr oup Data. 2. Double-click a ro w to display the list of devices in the group. Query Port Report The Query Port Report d isplays all ports ac [...]
-
Page 234
Chapter 13 : Re ports 216 State Type Port State Definition been configured. 3. Select Ghosted Ports to include ports that are ghosted. A ghosted port can occur when a CI M or target server is removed f rom a Paragon s y s tem or powere d off (m anually or accidentally). See Raritan's Paragon II User Guide. Optional. 4. Select Paused Ports or L[...]
-
Page 235
Chapter 13 : Rep orts 217 3. The URL colum n contains direct links to each node. You can use this inform ation to create a web page with link s to each node, instead of bookmark ing each node individuall y. See Bookmarki ng an Interface (on page 136). A ctive Nodes Report The Active Nodes rep ort includes the nam e and t ype of each active interfac[...]
-
Page 236
Chapter 13 : Re ports 218 Node Group Data Report The Node Group Da ta report displays the list of nodes that belong to each group, the user grou ps that h ave access to eac h node group, and, if applicable, the rules t hat define the node grou p. The list of nodes is in the report details, which you can view b y double-click ing a row in the report[...]
-
Page 237
Chapter 13 : Rep orts 219 Scheduled Reports Scheduled Reports d isplays reports th at were scheduled in th e Task Manager. You can find the Upgrade De vice Firmware r eports and Restart Device reports in the Scheduled Reports screen. Schedu led reports can be viewed in HT ML format only. See T ask Manager (on page 278). To access scheduled reports:[...]
-
Page 238
Chapter 13 : Re ports 220 Upgrade Device Firmware Report The Upgrade Device F irmware report is loc ated in the Schedule d Reports list. This report is generated when an U pgrade Device Firm ware task is running. View the re port to get real- time s tatus information about the task. O nce the task has com pleted, the report i nform ation is static.[...]
-
Page 239
221 In This Chapter Maintenance Mode ................................................................................ 221 Entering Maintenanc e Mode .................................................................. 222 Exiting Maintenance Mo de ................................................................ .... 222 Backing Up CC- SG ............[...]
-
Page 240
Chapter 14 : Syst em Ma intenance 222 Entering Maintenance Mode 1. Choose S y st em Maintenan ce > Maintenance Mode > Enter Maintenance Mode. 2. Password: T ype your password. Only users with the CC Setup and Control privilege can en ter m aintenance mode. 3. Broadcast mess age: Type the mess age that will display to users who will be logged [...]
-
Page 241
Chapter 14 : S ystem Mainte nance 223 4. Select a Backup T ype: Full or Standard. See What is th e difference between Full backup and Standard backup? (on pa ge 224) 5. To save a cop y of this backup file to an ext ernal server, select t he Backup to Rem ote Location check box. Optional. a. Select a Protocol use d to connect to the rem ote server, [...]
-
Page 242
Chapter 14 : Syst em Ma intenance 224 What is the differen ce betw een Full backup and Standard bac kup? Standard backup: A standard back up includes all data in all fie lds of all CCSG pages, except for data in the fol lowing pages: Administration > Conf iguration Manager > Net work tab Administration > Cluster C onfiguration CCSG[...]
-
Page 243
Chapter 14 : S ystem Mainte nance 225 3. Click OK to delete the b ackup from the CC-SG s y stem . Restoring CC- SG You can restore CC -SG using a back up file that you created. Important: T he Neighborhood configuration is in cluded in the CC -SG backup file so make sure you rem ember or note do wn its setting at the backup t ime. This is helpful f[...]
-
Page 244
Chapter 14 : Syst em Mainten ance 226 Restore Data - CC - SG configuration, Dev ice and Node configuration, and User Dat a. Selecting Data res tores the Standard back up portion of a Full back up file. See What is the difference between F ull backup and Stand ard backup? (on page 224) Restore Logs - Error logs and event reports stored on CC[...]
-
Page 245
Chapter 14 : S ystem Mainte nance 227 Option Description Full Database This option rem oves the existing CC -SG database a nd builds a new version with the f actory default values. Network settings, SNMP agents, firm ware, and Diagnostic Co nsole settings are no t part of the CC-SG d atabase. The SNMP configuratio n and traps are rese t. The SN MP [...]
-
Page 246
Chapter 14 : Syst em Ma intenance 228 Option Description Read-write C omm unity: private System Contact, Name, Loc ation: none SNMP T rap Configuration SNMP T rap Destinations Default Firm ware This option resets a ll device firmware files to factory def aults. This option does not change the CC -SG database. Upload Firm ware to Dat[...]
-
Page 247
Chapter 14 : S ystem Mainte nance 229 Restarting CC- SG The restart com mand is used to restart the CC -SG sof tware. Restarting CC -SG will log all acti ve users out of CC -SG. Restarting will not c ycle power to the CC- SG. To perf orm a full reboot, you must acc ess Diagnostic Console or the p ower switch on the CC - SG unit. 1. Choose S y st em[...]
-
Page 248
Chapter 14 : Syst em Ma intenan ce 230 CC -SG will reboot as p art of the upg rade process. DO NO T stop the process, reboot the un it manually, pow er off, or power cycle the unit during the upgrade To upg rade CC-SG: 1. Download the firm ware file to your client PC . 2. Log into the CC-SG Admin Client using an account that has th e CC Setup and C[...]
-
Page 249
Chapter 14 : S ystem Mainte nance 231 10. Clear the Java cache. See Clear the Java Cache (on page 23 1). 11. Launch a new web bro wser window. 12. Log into the CC-SG Admin Client using an account that has th e CC Setup and Control pri vilege. 13. Choose Help > About Raritan Secure Gat eway. Check the versio n number to verif y that the upgrade w[...]
-
Page 250
Chapter 14 : Syst em Ma intenance 232 Upgrading a Cluster To upgrade a CC- SG cluster, f ollow this recomm ended upgrade procedure. Onl y physical CC-SG un its can be in a clus ter. A CC-SG cluster license is a special k ind of license file that the 2 CC -SG units in the cluster share. See Clust er Licenses (on page 261 ) f or details. If the upgra[...]
-
Page 251
Chapter 14 : S ystem Mainte nance 233 Primary Node Upgr ade Failure If the upgrade of your primary node fails while f ollowing the Upgrading a Cluster (on page 232 ) procedure, fol low these steps to c omplete the cluster upgrade. 1. If the primar y node upgrade f ails, shutdown the CC -S G application by choosing System Maintenance > Shutdo wn.[...]
-
Page 252
Chapter 14 : Syst em Ma intenance 234 Note: The CC-SG th at you are migrating to must have its own val id licenses to be fully operat ional. A valid license is not required to complete the Full Restore . 5. Resume m anagement of all devices. You ca n schedule a task to resum e all devices, if you are using CC -SG firm ware version 5.1 or higher. Se[...]
-
Page 253
Chapter 14 : S ystem Mainte nance 235 Restarting CC-SG after Shutdown After shutting down CC -SG, use one of these two m ethods to restart the unit: Use the Diagnostic Conso le. See R estart CC-SG wit h Diagnostic Console (on page 3 15). Recycle the power to your CC- SG unit. Powering Down CC- SG If CC-SG loses AC po wer while it is up and [...]
-
Page 254
Chapter 14 : Syst em Ma intenance 236 2. Click Yes to log out of CC-SG. Once you log out, the CC -SG login window opens. Exit CC- SG 1. Choose Secure Gate way > Exit. 2. Click Yes to exit CC- SG.[...]
-
Page 255
237 In This Chapter Configuring a Mess age of the Da y ........................................................ 237 Configuring Applications for Accessing Nodes ................................ ...... 238 Configuring Default Ap plications ........................................................... 240 Managing Device Firm ware .....................[...]
-
Page 256
Chapter 15 : Advanced Administrat ion 238 c. Click the Font Si ze drop-down m enu and select a font size for the message text. If you select Message of the Day File: a. Click Browse to bro wse for the m essage file. b. Select the file in the di alog window that ope ns then click Open. c. Click Preview to re view the contents of the file. 4. Cli[...]
-
Page 257
Chapter 15 : A dvanced A dministrat ion 239 2. Click the Application nam e drop-do wn arrow and selec t the application that m ust be upgraded fr om the list. If you do not see the application, you m ust add it first. See Add an Applicat ion ( on page 239 ). 3. Click Browse, locate and select the applicatio n upgrade file from the dialog that appea[...]
-
Page 258
Chapter 15 : Advanced Administrat ion 240 5. Click OK. An Open di alog appears. 6. Navigate to and selec t the application f ile (usually a .jar or .cab f ile), and then click O pen. 7. The selected applicatio n loads onto CC -SG. Delete an Application To delete an applic ation: 1. Choose Administrat ion > Applications. 2. Select an application [...]
-
Page 259
Chapter 15 : A dvanced A dministra tion 241 View the Default Application Assignments To view the default application assignment s: 1. Choose Administrat ion > Applications. 2. Click the Default App lications tab to view and e dit the current defau lt applications for vario us Interfaces and Port T ypes. Applications liste d here will become the [...]
-
Page 260
Chapter 15 : Advanced Administrat ion 242 2. Click Add to add a ne w firmware file. A searc h window opens. 3. Navigate to and selec t the firm ware file you want to upload to CC -SG, and then c lick Open. W hen the upload completes, the ne w firmware appears in th e Firm ware Name field. Delete Firmw are To delete firmw are: 1. Choose Administrat [...]
-
Page 261
Chapter 15 : A dvanced A dministra tion 243 Model Primary L AN Name Primary L AN Location Secondary L A N Name Secondary L A N Location V1 -0 or V1 -1 LAN1 Left LAN port LAN2 Right LAN port E1 LAN Ports: Model Primary L AN Name Primary L AN Location Secondary L A N Name Secondary L A N Location E1 -0 Not labeled Top LAN port in set of 2 ports in ce[...]
-
Page 262
Chapter 15 : Advanced Administrat ion 244 If the Primar y LAN is connected and receiv ing a Link Integrit y signal, CC -SG uses this LAN p ort for all comm unications. If the Prim ary LAN loses Link Integrit y, and Secondary LAN is co nnected, CC -SG will failover its assigned I P address to the Seco ndary LAN. The Secondar y LAN will be used unti [...]
-
Page 263
Chapter 15 : A dvanced A dministra tion 245 6. Click the Adapter Spee d drop-do wn arrow and select a line sp eed from the list. Mak e sure your selection agrees with your switch's adapter port setting. If your switch uses 1 G ig line speed, sel ect Auto. 7. If you selected Auto in the Adapter Speed fie ld, the Adapter Mode field is disabled, [...]
-
Page 264
Chapter 15 : Advanced Administrat ion 246 What is IP Isolation mod e? IP Isolation mode all ows you to isolate cl ients from devices b y placing them on separate s ub-networks and forcing clients to ac cess the devices through CC-SG. In t his mode, CC- SG manages traf fic between the t wo separate IP dom ains. IP Isolation m ode does not offer fail[...]
-
Page 265
Chapter 15 : A dvanced A dministra tion 247 Specify at most one D efault Gateway in the N etwork Setup pan el in CC -SG. Use Diagnost ic Console to add m ore static routes if ne eded. See Edit Static Route s (on pa ge 310). To configu re IP Isolation mode in CC -SG: 1. Choose Administrat ion > Configuration. 2. Click the Network Setup tab. 3[...]
-
Page 266
Chapter 15 : Advanced Administrat ion 248 Re commended DHC P Configurations fo r CC- SG Review the following rec omm ended DHCP configurations. Mak e sure that your DHCP server is set up properl y before you configure CC -SG to use DHCP. Configure the DHC P to statically allocate CC -SG's I P address. Configure the DHC P and DNS server[...]
-
Page 267
Chapter 15 : A dvanced A dministra tion 249 Purge CC-SG's Inte rnal Log You can purge the C C-SG's internal log. This operation do es not delete any events recorded on your external log ser vers. Note: The Audit Tra il and Error Log reports are based on CC -SG's internal log. If you p urge CC-SG's internal log, these two reports[...]
-
Page 268
Chapter 15 : Advanced Administrat ion 250 Note: Network Time Protocol (NTP) is the prot ocol used to synchronize the attached computer's date an d time data with a referenced NTP server. W hen CC- SG is configured wit h NTP, it can synchronize its clock time with the public ly available NTP reference server to maintain correc t and consistent [...]
-
Page 269
Chapter 15 : A dvanced A dministra tion 251 Configure Direct M ode for All Client Connectio ns To configu re direct mode for all client connectio ns: 1. Choose Administrat ion > Configuration. 2. Click the Connection Mode tab. 3. Select Direct m ode. 4. Click Update Config uration. Configure Proxy M ode for All Client Connections To configu re p[...]
-
Page 270
Chapter 15 : Advanced Administrat ion 252 3. Select a Device T ype in the table and double -click the Default Port value. 4. T y pe the new Default Port value. 5. Click Update Config uration to save your changes. To configu re timeout duration for devices: 1. Choose Administrat ion > Configuration. 2. Click the Device Setti ngs tab. 3. T y pe a [...]
-
Page 271
Chapter 15 : A dvanced Ad m inistrat ion 253 Enabling the A K C Down load Server Certificate V alidation If you are using the AKC client, you can choos e to use the Enable A KC Download Server Certif icate Validation f eature or opt not to use this feature. Option 1: Do Not Enable AKC Dow nload Server Certificate Validation (default setting ) If yo[...]
-
Page 272
Chapter 15 : Advanced Administrat ion 254 3. Click OK. Configuring Custom JRE Settings CC -SG will displa y a warning m essage to users who attem pt to access CC -SG without the m inimum JRE versio n that you spec ify. Check the Compatibilit y Matrix for the m inimum supported JRE vers ion. Choose Administration > Com patibility Matrix. If a use[...]
-
Page 273
Chapter 15 : A dvanced A dministra tion 255 3. Click Restore Def ault. 4. Click Update. To clear the default m essage and minimum JR E version: 1. Choose Administrat ion > Configuration. Click the Custom JRE tab. 2. Click Clear. Configuring SNMP Simple Network Management Protocol allows C C-SG t o push SNMP traps (event notifications ) to an exi[...]
-
Page 274
Chapter 15 : Advanced Administrat ion 256 9. Select the check boxes before the traps you want CC- SG to push to your SNMP hosts: Un der Trap Sources, a list of SNMP traps grouped into t wo different categories: S ystem Log traps, which include notifications f or the status of the CC un it itself, such as a hard disk failure, an d Application Log tr[...]
-
Page 275
Chapter 15 : A dvanced A dministra tion 257 Requirements for CC- SG Clusters The Primar y and Secondary nodes in a cluster m ust be running the same firm ware version on the sam e hardware version ( V1 or E1). Your CC-SG net work must be in IP Fa ilover mode to be us ed for clustering. Clustering will not work with an I P Isolation m ode co[...]
-
Page 276
Chapter 15 : Advanced Administrat ion 258 5. T y pe a valid user name an d password for the B ackup node in the Usernam e for Backup Secure G ateway and Password f or Backup Secure Gatewa y fields. 6. Select the Redirect b y Hostnam e checkbox to specify that secondar y to primar y redirection access should be via DN S. Optio nal. See Access a CC-S[...]
-
Page 277
Chapter 15 : A dvanced A dministra tion 259 Switch the Primar y and Secondary Node Statu s You can exchange the r oles of Prim ary and Secondary nodes when the Secondary, or Back up, node is in the "Joined " state. When the Secondary node is in the "W aiting" state, switching is disabled. After the roles are s witched, the form [...]
-
Page 278
Chapter 15 : Advanced Administration 260 Note: If the clustered CC -SG units do not share the sa me time zone, when the Primary no de failure oc curs, and the Second ary node becomes the new Pri mary node, the time spec ified for Automatic Rebuild still follows t he time zone of the old Primary node. Delete a Cluster Deleting a cluster com pletely [...]
-
Page 279
Chapter 15 : A dvanced A dministra tion 261 Cluster Licenses You can operate a C C-SG cluster usin g separate stan dalone licenses with the same nod e capacity, or a cluster k it license. Cluster licenses diff er from standalone licens es in that the y contain the host IDs of both CC- SG units in the cl uster. Only one set of licenses is required t[...]
-
Page 280
Chapter 15 : Advanced Administrat ion 262 Configuring a Neighborhood What is a Neighborhoo d? A Neighborhood is a co llection of up to 10 CC -SG units . After setting up the Neighborhood in the Adm in Client, users can access multiple CC -SG units in the sam e Neighborhood with single s ign-on us ing the Access Client. Before setting up or managing[...]
-
Page 281
Chapter 15 : A dvanced A dministra tion 263 If one or more CC -SG units cannot be found, a m essage appears and these CC-SG u nits will be h ighlighted in yellow in the table. Remove these units or m odif y their IP addresses or hostnam es, and click Next again. 7. CC -SG displa ys a list of CC-SG un its along with their firm ware version and s[...]
-
Page 282
Chapter 15 : Advanced Administrat ion 264 Add a Neighborhood Member To add a new CC-SG unit into the Neighborhood 1. Choose Administrat ion > Neighborhood. 2. Click Add Mem ber. The Add Mem ber dialog appears. 3. Add CC-SG units. T he number of CC -SG units that can be added varies depending on the num ber of existing Neighborhood m embers. A Ne[...]
-
Page 283
Chapter 15 : A dvanced A dministra tion 265 To deactivate a CC- SG unit, deselect th e Active check box next to the unit. To change a Secure Gateway Nam e, click the nam e, type a new one and press Enter. T he nam e must be unique. To retrieve all CC- SG units' lates t data, click Ref resh Member Data. To always term inate user[...]
-
Page 284
Chapter 15 : Advanced Administrat ion 266 Refresh a Neighborhoo d You can retrieve the latest status of all Nei ghborhood m embers immediatel y in the Neighborhood Configur ation panel. 1. Choose Administrat ion > Neighborhood. 2. Click Refres h Member Data. 3. Click Send Update to s ave the changes and distribute the latest Neighborhood inform [...]
-
Page 285
Chapter 15 : A dvanced A dministra tion 2 67 Check Your Browser for AES Encryption CC -SG supports A ES-128 and AES- 256. If you do not know if your browser uses AES, c heck with the browser m anufacturer. You may also want to tr y navigating to the fol lowing web site usi ng the browser whose encr yption m ethod you want to check: https://www.fo r[...]
-
Page 286
Chapter 15 : Advanced Administrat ion 268 Click the Key Length drop -do wn arrow to select the en cryption level - 128 or 256. The CC-SG Port fie ld displays 80. The Browser Connecti on Protocol field disp lays HTTPS/SSL selected. 5. Click Update to save your changes. Configure Browser Conn ection Pro tocol: HTT P or HTTPS/SSL In Securi[...]
-
Page 287
Chapter 15 : A dvanced A dministra tion 269 Require strong passwords for all users 1. Choose Administrat ion > Security. 2. Click the Login Settings ta b. 3. Select the Strong Pass words Required for A ll Users check box. 4. Select a Maxim um Password Length. Pass words must conta in fewer than the maxim um number of characters . 5. Se lect a Pa[...]
-
Page 288
Chapter 15 : Advanced Administrat ion 270 Lockout settings Administrators can lock out CC-SG users and SSH users after a specified num ber of failed login attem pts. You can enable this f eature for locally authenticated users, for rem otely authenticated users , or for all users. Note: By default, the admin account is locked out for five minutes a[...]
-
Page 289
Chapter 15 : A dvanced A dministra tion 271 2. Open the Login Settings t ab. 3. Deselect the Lock out Enabled for Local Users checkbox to disabl e lockout for locall y authenticated users. Deselec t the Lockout Enabled for Remote Users checkbox to disable lock out for remotel y authenticated users. 4. Click Update to save your changes. Allow concur[...]
-
Page 290
Chapter 15 : Advanced Administrat ion 272 Logo A small graphic file ca n be uploaded to CC -SG to act as a banner on the login page. The m aximum size of the logo is 9 98 by 170 pixels. To upload a log o: 1. Click Browse in the Lo go area of the Portal tab. An Open dialog appears. 2. Select the graphic file you want to use as your logo in the dialo[...]
-
Page 291
Chapter 15 : A dvanced A dministra tion 273 Click Browse. A dialog window opens. In the dialog windo w, select the text file with the m essage you want to use, and then click Open. T he maximum length of the text mes sage is 10,000 characters. Click Preview to previe w the text contained in the file. The preview appears in the banner m [...]
-
Page 292
Chapter 15 : Advanced Administrat ion 274 a. Encryption Mode: If Require AES Encr yption between Client and Server is selected in the Adm inistration > Security > Encr y p tion screen, AES-128 is the default. If AES is not r equired, DES 3 is the default. b. Private Key Length: 102 4 is the default. c. Validity Period (da ys): Maxim um 4 nume[...]
-
Page 293
Chapter 15 : A dvanced A dministra tion 275 14. T y pe r aritan in the Passwor d field if the CSR was ge nerated by CC -SG. If a diff erent application generated t he CSR, us e the password for that app lication. Note: If the import ed certificate is sign ed by a root and subroot CA (certificate authority), using only a root or subroo t certificate[...]
-
Page 294
Chapter 15 : Advanced Administrat ion 276 Access Control List An IP Access Control List s pecifies ranges of client IP addresses f or which you want to de ny or allow access to C C- SG. Each entr y in the Access Control List becom es a rule that determ ines whether a user in a certain group, with a c ertain IP address, c an access CC -SG. You can a[...]
-
Page 295
Chapter 15 : A dvanced A dministra tion 277 6. Click the Action drop- down arrow and sel ect Allow or Den y to specif y whether the specified us ers in the IP range can ac cess CC -SG. 7. Click Update to save your changes. To change th e order in which CC-SG applies rules: 1. Choose Administrat ion > Security. 2. Click the Access Contr ol List t[...]
-
Page 296
Chapter 15 : Adv anced Administration 278 7. T y pe a valid email address that will identify m essages from CC -SG in the From f ield. 8. T y pe the number of tim es emails should be re- sent should the se nd process fail in the Send ing retries field. 9. T y pe the number of m inutes (from 1 -60) that should elapse b etween sending retries in the [...]
-
Page 297
Chapter 15 : A dvanced A dministra tion 279 Schedule Sequential T asks You may want to sc hedule task s sequentially to confirm that expected behavior occurred. F or exam ple, you may want to schedu le an Upgrade Device Firmware tas k for a given device group , and then schedule an Asset Managem ent Report task immediately after it to confirm that [...]
-
Page 298
Chapter 15 : Advanced Administrat ion 280 Schedule a Task This section covers m ost task s that can be scheduled. See Sch edule a Device Firmware Up grade (on page 282) for details on scheduling device firm ware upgrades. To schedule a task: 1. Choose Administrat ion > Tasks. 2. Click New. 3. In the Main tab, t ype a name and descript ion for th[...]
-
Page 299
Chapter 15 : A dvanced A dministra tion 281 Upgrade Device Fi rmware (indiv idual device or dev ice group): See Schedule a D evice Firmware Upgrade (on page 282 ) . Generate all reports: See Repo rts (on page 208) . 6. Click the Recurrence tab. The Recurre nce tab is disabled f or Upgrade Device Firm ware tasks. 7. In the Period field, cl i[...]
-
Page 300
Chapter 15 : Advanced Administrat ion 282 10. If a task fails, CC-SG c an retry the task at a later time as specif ied in the Retry tab. T ype the num ber of times CC -SG should retr y to execute the task in the Retry count field. T ype the time that should elapse between retries in the Retr y Interval field. Click the drop-do wn menu and select th[...]
-
Page 301
Chapter 15 : A dvanced A dministra tion 283 d. Concurrent Upgrades: Specif y t he number of devices that should begin the file transfer porti on of the upgra de simultaneousl y. Maximum is 10. As e ach file transfer com pletes, a new file transfer will begin, ensur ing that only the m aximum num ber of concurrent transfers occurs at once. e. Upgrad[...]
-
Page 302
Chapter 15 : Advanced Administrat ion 284 W hen the t ask starts running, you can open the Upgra de Device Firmware report an y time dur ing the scheduled tim e period to view the status of the upgra des. See Up grade Device Firm ware Report (on page 220). Change a Scheduled T ask You can change a sched uled task before it ru ns. To change a schedu[...]
-
Page 303
Chapter 15 : A dvanced Ad m inistrat ion 285 Delete a Task You can delete a task to remove it from the Task Manager. You cannot delete a task that is curr ently running. To delete a task: Select the task, then cl ick Delete. SSH Access to CC- SG Use Secure Shell (S SH) clients, such as Putty or OpenSHH Client, to access a comm and line interfac[...]
-
Page 304
Chapter 15 : Advanced Administrat ion 286 To display all SSH comm ands: At the shell prom pt, type ls to display all com mands available. Get Help for SSH Comm ands You can get lim ited help for all comm ands at once. You can a lso get in -depth help o n a single com mand at a time. To get help fo r a single SSH command: 1. At the shell prom pt[...]
-
Page 305
Chapter 15 : A dvanced A dministra tion 287 SSH Commands and Parameters The following table lists all commands availabl e in SSH. You m ust be assigned the appropri ate privileges in CC- SG to acces s each comm and. Some comm ands have additional param eters that you m ust type to execute the comm and. For m ore information about how to t ype comma[...]
-
Page 306
Chapter 15 : Advanced Administrat ion 288 To search for text f rom piped output stream: grep search_term To view the help screen for all commands: help To list available dev ice configuratio n backups: listbackups <[-id <device_id>] | [host]> To list available dev ices: listdevices To list firmw are versions available for upgrade: listf[...]
-
Page 307
Chapter 15 : A dvanced A dministra tion 289 To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device conf iguration: restoredevice <[-host <host>] | [-id <device_id>]> [backup_id] To shutdow n CC-SG: shutdowncc minutes [message] To open an SSH connection to an SX dev ice: ssh [- e <escape_[...]
-
Page 308
Chapter 15 : Advanced Administrat ion 290 Command syntax Device ID value You should type ssh -id <device_id> 100 ssh -id 100 The default escape charact er is a tilde followed b y a period. For example: ~. See End SSH Connection s (on p age 292) for deta ils on using the escape character and the exit comm and. You may have problem s using [...]
-
Page 309
Chapter 15 : A dvanced A dministra tion 291 2. Connect to the de vice by typing ssh -id <device_ id> . Using the figure above as an example, you ca n connect to SX - 229 by typing ssh -id 1370 . Use SSH to Connect to a Node via a Serial Out - of - Band Interface You can use SSH to c onnect to a nod e through its assoc iated serial out - of -b[...]
-
Page 310
Chapter 15 : Advanced Administration 292 Command Alias Description get_write gw Gets Wr ite Access. Allows SSH user to execute comm ands at target server while browser user can onl y observe proceedings. get_history gh Gets History. Displa ys the last few commands and results at target server. send_break sb Sends Break. Break s the loop in target s[...]
-
Page 311
Chapter 15 : A dvanced A dministra tion 293 Serial Admin Port The serial adm in port on CC- SG can be connected dir ectly to a Raritan serial device, such as Dom inion SX or KSX. You can connect to the SX or KSX via the I P address using a term inal emulation program , such as H yperTerminal or PuTT Y. Set the baud rate in the term inal emulation p[...]
-
Page 312
Chapter 15 : Advanced Administrat ion 294 Finding Your CC -SG Serial Number To find your CC-SG serial number: 1. Log into the Adm in Client. 2. Choose Help > About Raritan Secure Gat eway. 3. A new window opens with your CC- SG serial num ber. Web Services API You must accept the E nd User Agreem ent before adding a W eb Services API client to C[...]
-
Page 313
Chapter 15 : A dvanced A dministra tion 295 e. State or Province: Maxim um 64 characters. Type in the whole state or province nam e. Do not abbreviate. f. City/Locality: CSR tag is Localit y Name. Maximum 64 characters. g. Registered Com pany Name: CSR ta g is Organization Nam e. Maximum 64 charac ters. h. Division/Departm ent Name: CSR tag is Orga[...]
-
Page 314
296 The Diagnostic Co nsole is a non- graphical, m enu-based interface that provides local access to CC-SG. You can access Diagnostic C onsole from a serial or KVM port. See Access Diagnostic Console via VGA/Keyboard/ Mouse Port ( on page 296 ). Or , you can access Diagnostic Console f rom a Secure Shell (S SH) client, such as PuTT Y or OpenSSH Cli[...]
-
Page 315
Chapter 16 : Diagn ostic Console 297 Status Console About Status Console You can use the Status Co nsole to check the health of CC -SG, the various services CC -SG uses, and the att ached net work. By default, Status Conso le does not require a pas sword. You can configure CC- SG to pro vide the Status Console inf ormation over a W eb i[...]
-
Page 316
Chapter 16 : Diag nostic Console 298 2: Access the Status Con sole via web b rowser: 1. Using a supported Inter net browser, t ype this URL: http(s)://<IP_address>/status/ where <IP_add ress> is the IP address of the C C-SG. Note the forward slash (/ ) following /status is mandator y. For exam ple, https://10.20.3.30/status/ . 2. A stat[...]
-
Page 317
Chapter 16 : Diagn ostic Console 299 CC -SG Title, Date and Time The CC-SG title is c onstant so users know that the y are connected to a CC -SG unit. The date and tim e at the top of the screen is the last tim e when the CC -SG data was po lled. The date and tim e reflect the tim ing values saved on the CC- SG server. Message of the Day The Messag[...]
-
Page 318
Chapter 16 : Diag nostic Console 300 Information Description suspended. Down Database server has n ot started yet. W eb Status Most of the access to the CC- SG server is through the W eb. This field shows the state of the W eb server and available statuses include: Responding/Unsecure d The W eb server is up and answering http (uns ecured) requests[...]
-
Page 319
Chapter 16 : Diagn ostic Console 301 Information Description Duplex Indicate whether the in terface is Full- or Half-duplex. IPAddr The current Ipv4 Address of this interf ace. RX -Pkts The num ber of IP packets received on this interface since CC -SG was booted. TX -Pkts The num ber of IP packets transm itted on this interface since CC -SG was boo[...]
-
Page 320
Chapter 16 : Diag nostic Console 302 Status Console via Web Browser After connecting to t he Status Console via th e web browser, the read-only Status Cons ole web page appears . The web page disp lays the same inform ation as the Status Console, an d also updates the inf ormation approxim ately every 5 sec onds. For inform ation on the links for C[...]
-
Page 321
Chapter 16 : Diagn ostic Console 303 A dministrator Console About Administrator Co nsole The Adm inistrator Console allows you to set some initial param eters, provide initial network ing configuration, debug lo g files, and perform some limited diagnostics and restarting CC -SG. The default login for th e Adm inistrator Console is: Username: a[...]
-
Page 322
Chapter 16 : Diag nostic Console 304 The main Administrat or Console screen ap pears. Administrator Console Screen Administrator Consol e screen consists of 4 m ain areas. Menu bar: You can perform Administrator Console f unctions by activating the menu bar. Press Ctrl +X to activate the m enu bar or click a menu item using the mouse if you acc[...]
-
Page 323
Chapter 16 : Diagn ostic Console 305 Status bar: Status bar is just abo ve the navigation ke ys bar. It displa y s s ome important s ystem information, includin g CC-SG's serial number, firmware version, an d the tim e when the information shown in the main display area was loaded or updated. Screenshots containing this information m ay be[...]
-
Page 324
Chapter 16 : Diag nostic Console 306 Edit Diagnostic Consol e Configuratio n The Diagnostic Consol e can be access ed via the serial port (CO M1), VGA/Keyboard/Mouse ( KVM) port, or f rom SSH clients. If you want to access Status Consol e, one m ore access mechanism , W eb acc ess, is also available. For each port t ype, you can configure whe ther [...]
-
Page 325
Chapter 16 : Diagn ostic Console 307 4. Click Save. Edit Network Interfa ces Configuration (Network Interfaces) In Network Interf ace Configuration, you can perform initial setup tasks, such as setting the hos tname and IP address of the CC -SG. 1. Choose Operation > N etwork Interfaces > Network Interfac e Config. 2. If the network interface[...]
-
Page 326
Chapter 16 : Diag nostic Console 308 Even if DHCP is be ing used to determ ine the IP configuration f or an interface, you m ust provide a properl y form atted IP addres s and Netmask . 6. In the Adapter Speed, s elect a line speed. T he other values of 10, 100, and 1000 Mbps are on a scrollable list ( where only one value is visible at an y gi[...]
-
Page 327
Chapter 16 : Diagn ostic Console 309 Option Description Record Route Records route. T urns on the IP record rout e option, which will store th e route of the packet inside the IP hea der. Use Broadcast Address Allows pinging a broadcast message. Adaptive Tim ing Adaptive ping. Interpac ket interval adapts to round-trip time, s o that effectivel y n[...]
-
Page 328
Chapter 16 : Diag nostic Console 310 Option Description No DNS Resolution Does not resolve addr esses to host names. Use ICMP (vs. norm al UDP) Use ICMP ECHO ins tead of UDP datagram s. 4. T y pe va lues for how m any hops the traceroute com mand will use in outgoing probe pack ets (default is 30), the UD P destination port to use in probes (defaul[...]
-
Page 329
Chapter 16 : Diagn ostic Console 311 Although you can delete all other routes, including the Default Ga teway, doing this will greatl y impact the comm unication with CC -SG.[...]
-
Page 330
Chapter 16 : Diag nostic Console 312 View Log Files in Diagnostic Consol e You can view one or m ore log files sim ultaneously via LogViewer, which allows browsing throu gh several files at once to examine s ystem activity. The Logfile list is updat ed only when the associ ated list becomes active, as when a user enters t he logfile list area, or w[...]
-
Page 331
Chapter 16 : Diagn ostic Console 313 3. Click with the m ouse or use the arro w ke y s t o navigate and press the Space bar to select a log file, m arking it with an X. You can view more than one log f ile at a tim e. To sort the Lo gfiles to View list: The Sort Logfile list b y options control the ord er in which logfiles are displayed in the Logf[...]
-
Page 332
Chapter 16 : Diag nostic Console 314 Option Description contents of this pack age is not available to cu stom er. Exported logfiles will be a vailable for up to 1 0 days, and then the system will automatically delete them . View View the selected log(s). W hen Vi e w is selected with Individual W indows, the LogViewer disp lays: W hile vi ewing[...]
-
Page 333
Chapter 16 : Diagn ostic Console 315 Note: System load is static as of the start of th is Admin Conso le session - use the TOP utility to dynamically mon itor system resources . To filter a log file w ith a regular expression: 1. T y pe e to add or edit a regular expr ession and select a lo g from the list if you have chosen t o view several. 2. T [...]
-
Page 334
Chapter 16 : Diag nostic Console 316 Diagnostic Console. See Restarting CC- SG (on page 229 ) . Restarting CC-SG in D iagnostic Con sole will NOT notify users that it is being restarted. To restart CC-SG w ith Diagnostic Con sole: 1. Choose Operation > Admin > CC- SG Restart. 2. Either click Restart CC-SG Application or pres s Enter. Confirm [...]
-
Page 335
Chapter 16 : Diagn ostic Console 317 2. Either click REBOOT System or press Enter to reboot CC -SG. Confirm the reboot in the next scr een to proceed. Power Off CC- SG System from Diagnosti c Console This option will power of f the CC-SG unit. Logged-in users will not receive a notification. CC -SG , SSH, and Diagnostic Co nsole users (including th[...]
-
Page 336
Chapter 16 : Diag nostic Console 318 2. Either click Power OFF the CC-SG or pr ess Enter to re move AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super- User Passw ord with Diagnostic Console This option will reset t he password for the CC Super Us er account to the factor y default value. Factory [...]
-
Page 337
Chapter 16 : Diagn ostic Console 319 2. Either click Reset CC-SG GUI Adm in Password or press Enter to change the adm in password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factor y Configuration This option will reset a ll or parts of the CC -SG s ystem back to their factor y default values. All [...]
-
Page 338
Chapter 16 : Diag nostic Console 320 Option Description Full CC-SG Databas e Reset This option rem oves the existing CC -SG database a nd builds a new version with the factor y default values . Network settings , SNMP settings, firmware, and diagnostic c onsole settings are not part of the CC -SG database. IP -ACL settings ar e reset with a Full Da[...]
-
Page 339
Chapter 16 : Diagn ostic Console 321 Option Description Diagnostic Console R eset This option restores D iagnostic Conso le settings back to f actory defaults. IP Access Control Lists Reset This option rem oves all entr ies from the IP-ACL t able. IP -ACL settings ar e reset with a Full Datab ase reset wheth er you select the IP Access Control List[...]
-
Page 340
Chapter 16 : Diag nostic Console 322 2. In the Password Hist ory Depth field, t ype the num ber of passwords that will be rem embered. The default setting is f ive. 3. Select either Regular, Random, or Strong for th e admin and status (if enabled) pass words. Password setting Description Regular These are standard. Passwords m ust be longer than f [...]
-
Page 341
Chapter 16 : Diagn ostic Console 323 Password setting Description every password m ust have at least one digit in it. Diagnostic Console Account Conf iguration By default, the status ac count does not require a p assword, but you can configure it to require o ne. Other aspects of the admin password c an be configured and the Fie ld Support accounts[...]
-
Page 342
Chapter 16 : Diag nostic Console 324 Setting Description User User Nam e (Read-onl y ). This is the curr ent user nam e or ID for this account. Last Changed (Read-onl y ). This is the date of the last password chan ge for this account. Expire (Read-onl y ). This is the da y that this account m ust change its password. Mode A configurable option i[...]
-
Page 343
Chapter 16 : Diagn ostic Console 325 Configure Remote S ystem M onitoring You can enable the rem ote s y st em m onitoring feature to use the G KrellM tool. The GKrellM too l provides a graph ical view of resourc e utilization on the CC-SG unit. T his tool is sim ilar to the W indows Task Manager's Performance tab. 1: Enable remote s ystem mon[...]
-
Page 344
Chapter 16 : Diag nostic Console 326 3: Configure the remot e system monitoring client to w ork with CC -SG: Follow the instructions in the Read Me file to set the CC -SG unit as t he target to monitor. W indows users must use the comm and line to locate the Gk rellm installation director y and then run the com mands specif ied in the Read. Display[...]
-
Page 345
Chapter 16 : Diagn ostic Console 327 Display R AID Status and Disk Utiliz ation This option displa ys the status of CC -SG disk s, including disk size, active and up status, state of the RAID-1, and amount of spa ce currently used by various file s ystems. To display disk statu s of the CC-SG: 1. Choose Operation > U tilities > Disk / RAID Ut[...]
-
Page 346
Chapter 16 : Diag nostic Console 328 Perform Disk or R AID Tests You can manuall y perform SMART disk drive tests or RAID chec k and repair operations. To perform a disk d rive test or a R AID check and re pair operation: 1. Choose Operation > U tilities > Disk/RAID Ut ilities > Manual Disk/RAID T ests. 2. To perform a SMART disk drive tes[...]
-
Page 347
Chapter 16 : Diagn ostic Conso le 329 d. After the test is com plete, you can view the resu lts in the Repair/Rebuild RAID screen. See R epair or Rebuild RAID Disks (on page 33 1). If a non- zero value displays in th e Mis-Match colum n for the given Arra y, indicating that there m ay be a problem , you should contact Rarita n Technical Support for[...]
-
Page 348
Chapter 16 : Diag nostic Console 330 Schedule Disk T ests You can schedule SMART -based tes ts of the disk drives to be periodically perf ormed. Firmware on the disk drive will perform these tests, and you can vie w the test results in the R epair/Rebuild screen. See Repair or Rebu ild RAID Dis ks (on pag e 3 31). SMART tests can be perform ed whil[...]
-
Page 349
Chapter 16 : Diagn ostic Console 331 2. Click with the m ouse or use the arro w keys to navigate and pres s the Space bar to select a t est type, m arking it with an X. Diff erent types of tests tak e a different period of time. A Short test takes about 2 m inutes to complete when the system is lightly loaded. A Conveyance test tak es about[...]
-
Page 350
Chapter 16 : Diag nostic Console 332 2. If any item does not sh ow "No" under the "Replace??" or "Rebu ild??" column, contact Rar itan Technical Support for assistance. A good s y st em: A contrived system showing multiple problem s: The s y stem will update d isplayed information when you move between Disk Dri[...]
-
Page 351
Chapter 16 : Diagn ostic Console 333 4. Selecting either Rep lace Disk Drive or Reb uild RAID Arra y, and follow onscreen instructi ons until you f inish the operati on. View To p Display with Diagnostic Consol e Top Display allows you to view the list of currently-ru nning processes and their attributes, as well as overall system health. To displa[...]
-
Page 352
Chapter 16 : Diag nostic Console 334 NTP is not enabled or n ot configured prop erly: NTP is properl y configured and running:[...]
-
Page 353
Chapter 16 : Diagn ostic Console 335 Take a System Snapshot W hen CC-SG does not function proper ly, it is extremely helpful if you can capture the inform ation stored in CC- SG, such as the s ystem logs, configurations or databas e, and provide it to R aritan Technical Supp ort for analysis and trou bleshooting. 1: Take a snapsho t of CC-SG: 1. Ch[...]
-
Page 354
Chapter 16 : Diag nostic Console 336 2: Retrieve the CC -SG snapshot file: 1. Using a supported Inter net browser, t ype this URL: http(s)://<IP_address>/upload/ where <IP_add ress> is the IP address of the C C-SG. Note the forward slash (/ ) following /upload is mandator y. For example, https://10.20.3.30/upload/ . 2. The Enter Network[...]
-
Page 355
337 If you have a CC- SG and Po wer IQ, there are severals wa ys to use them together. 1. Control power to Power IQ IT devices via CC -SG. For exam ple, if you want to control power to a P ower IQ IT device which is also a CC- SG node, you can use a Power IQ Prox y interface to give power control com mands in CC -SG. 2. Use CSV file im ports and ex[...]
-
Page 356
Chapter 17 : Power IQ Integration 338 Configuring Pow er IQ Services You must configure t he Power IQ Service bef ore you can ad d Power IQ proxy interfaces to nodes, or synchronize Po wer IQ with CC -SG to add IT Devices to CC- SG as nodes. T his is done via the CC -SG Access menu. You must have the CC Setup and Contro l permission to conf igure P[...]
-
Page 357
Chapter 17 : P ow er IQ Integration 339 Troubleshoot Connections to Power IQ Check these possib le error m essages and solutions to troubleshoot your connection to a Power IQ . Determine the cause, t hen edit the conf iguration to cor rect it. See Configuring Power IQ S ervices ( on page 338). Message Resolution Unable to comm unicate with managing[...]
-
Page 358
Chapter 17 : Power IQ Integration 340 Configuring Synchronization of Power IQ and CC- SG CC -SG will s ynchronize with Power IQ to add th e IT Devices conf igured in Power IQ to CC -SG as nodes. W hen synchronizing, CC -SG will create a node with a Po werIQ Prox y i n terface for eac h new IT Device identified. W hen CC-SG detects a duplicated nod [...]
-
Page 359
Chapter 17 : P ow er IQ Integration 341 Step 3 - Create a synchronization polic y: Note: The synchron ization policy applies to ALL Power IQ insta nces configured in CC- SG. See Pow er IQ Synchronizatio n Policies ( on page 342) for deta ils of each policy an d other synchroni zation results. 1. In the Synchronizat ion section, select the rad io bu[...]
-
Page 360
Chapter 17 : Power IQ Integration 342 Power IQ Synchroniz ation Policies W hen CC-SG detects a duplicated nod e, the synchroni zation policy you choose determ ines whether the nodes ar e consolidated, renam ed, or rejected. See Configuring Synch ronization of Power IQ and CC - SG (on page 340 ) to set the s ynchronization po licy. Synchronization p[...]
-
Page 361
Chapter 17 : P ow er IQ Integration 343 Import Power Strips from Power IQ You can import Dom inion PX devices and the ir outlet nam es from Power IQ. If the Dominion PX devices are alread y managed by CC -SG, you must delete them first. The im port adds the Dominion PX devices, and configures and nam es the outlets specified i n the CS V file. Non-[...]
-
Page 362
Chapter 17 : Power IQ Integration 344 Column number Tag or value Details 6 Configure All Outlets TRUE or FALSE Default is FALSE. 7 Description Optional. Step 3: Import the edited CSV file into CC - SG 1. In the CC-SG Adm in Client, choose Administration > Im port > Import Powerstrips. 2. Click Browse and selec t the CSV file to im port. Click[...]
-
Page 363
Chapter 17 : P ow er IQ Integration 345 3. T y pe a n ame f or the file and choose the location where you want to save it 4. Click Save. Step 2: Edit the CSV fil e and import into Pow er IQ: The export file conta ins three sections . Read the com m ents in the CSV file for instructions on ho w to use each sec tion as part of a Power IQ multi-tabbed[...]
-
Page 364
346 In This Chapter V1 Model ................................................................................................ 346 E1 Model ................................................................................................ 347 V1 Model V1 General Specific ations Form Factor 1U Dimensions (DxW xH) 24.21”x 19.09” x 1.7 5” 615 mm x [...]
-
Page 365
Appendix A : Specifi cations for V1 and E1 347 Operating Humidity 5% - 95% RH Altitude Operate properl y at any altitude between 0 to 10,000 feet, storage 40,000 feet (Estimated) Vibration 5- 55 -5 HZ, 0.3 8mm,1 m inutes per cycle; 30 minutes for each ax is (X,Y,Z) Shock N/A E1 Model E1 General Specific ations Form Factor 2U Dimensions (DxW xH) 27.[...]
-
Page 366
Appendix A : Specifi c ations for V1 and E1 348 Operating Non-Operating Temperature - 40° -70° C Humidity 5-90%, non-condensi ng Altitude Sea level to 40,000 f eet Vibration 10 Hz to 300 Hz s weep at 2 g constant acc eleration for one hour on each of the perpendicular axes X, Y, and Z Shock 30 g for 11 m s with a ½ sine wave for each of the perp[...]
-
Page 367
349 This appendix contai ns network r equirements, including addresses , protocols, and ports, of a typical CC - SG deplo y m ent. It includes inform ation about how to configure your network for both external acc ess and internal securit y and routing polic y enforcement. Details are provided for the benefit of a T CP/IP network administrator. The[...]
-
Page 368
Appendix B : CC -SG and Netw ork Configuration 350 Port Number Protocol Purpose Details Raritan device that will be externally accessed. T he other ports in the table m ust be opened only for accessing CC- SG. AES-128/AES- 256 encrypted if configured. 80 and 443 for Control System nodes 80, 443, 902, and 903 f or Virtual Host and Virtual Machine No[...]
-
Page 369
Appendix B : CC -SG and Netw ork Configuration 351 CC -SG and Raritan D evices A main role of CC- SG is to m anage and control Raritan de vices, such as Dominion KX II. T ypically, CC -SG comm unicates with these devices over a TCP/IP network (local, WAN, or VPN) an d both TCP and U DP protocols are used as f ollows: Communication Direction Port Nu[...]
-
Page 370
Appendix B : CC -SG and Netw ork Configuration 352 Communication Direction Port Number Protocol Configurable? Details CC -SG to CC- SG 5432 TCP no From HA-JDBC o n Primar y t o Backup PostgreSQL DB server. Not encrypted. CC -SG to CC- SG 8732 TCP no Primar y -Back up server sync clustering control data exchange. MD5 encrypted. CC -SG to CC- SG 3232[...]
-
Page 371
Appendix B : CC -SG and Netw ork Configuration 353 Communication Direction Port Number Protocol Configurable? Details PC Client to CC-SG 443 TCP no Client-server com munication. SSL/AES-128/A ES-256 encrypted if conf igured. PC Client to CC- SG 80 TCP no Client-server com munication. Not encrypted. If SSL is enabled, Port 80 is red irected to 443. [...]
-
Page 372
Appendix B : CC -SG and Netw ork Configuration 354 Communication Direction Port Number Protocol Configurable? Details Client to Raritan De vice to Out- of -Band K VM Node (Direct Mode) 5000 (on Raritan Device) TCP yes Client-server communication. SSL/AES-128/A ES-256 encrypted if conf igured. Client to Raritan Dominion SX De vice to Out- of -Band S[...]
-
Page 373
Appendix B : CC -SG and Netw ork Configuration 355 Communication Direction Port Number Protocol Configurable? Details CC -SG to SNMP Manager 162 UDP yes SNMP standard CC -SG Internal Po rts CC -SG uses several ports for internal functio ns, and its local fire wall function blocks access to these ports. Ho wever, some external s canners may detect t[...]
-
Page 374
Appendix B : CC -SG and Netw ork Configuration 356 VNC Access to Node s Port 5800 or 5900 m ust be open for VNC ac cess to nodes. SSH A cc ess to Nodes Port 22 mus t be open for SSH access to n odes. Remote System M onitoring Port W hen the Re mote S ystem Monitoring feat ure is enabled, port 19 150 is opened by default. See Configure Remote System[...]
-
Page 375
357 This table shows which privilege must be ass igned for a user to ha ve access to a CC-SG m enu item . *None means that no particular privilege is required. Any user who has access to CC-SG will be able to view and access these menus and commands. Menu > Sub-menu Menu Item Required Privilege Description Secure Gatewa y This menu is available [...]
-
Page 376
Appendix C : User Group Privilege s 358 Menu > Sub-menu Menu Item Required Privilege Description Node Auditing User Managem ent Devices This menu and the De vices tree is avai lable only for users with any one of the following privileges : Device, Port, and Nod e Management Device Configuration an d Upgrade Managem ent Discover Devices Device, P[...]
-
Page 377
Appendix C : User Group Privilege s 359 Menu > Sub-menu Menu Item Required Privilege Description > Launch Admin Device, Port, and Nod e Management or Device Configuration and Upgrad e Management > Launch User Station Adm in Device, Port, and Nod e Management > Disconnect Users Device, Port, and Nod e Management or Device Configuration a[...]
-
Page 378
Appendix C : User Group Privilege s 360 Menu > Sub-menu Menu Item Required Privilege Description Management > By Port Num ber Device, Port, and Nod e Management or Device Configuration and Upgrad e Management Nodes This menu and the Nod es tree is availabl e only for user s with any one of the following privileges : Device, Port, and Nod e Ma[...]
-
Page 379
Appendix C : User Group Privilege s 361 Menu > Sub-menu Menu Item Required Privilege Description Group Power Control Power Control Configure Blades Device, Port, and Nod e Management Ping Node Device, Port, and Nod e Management Bookmark Node Interface Node In-band Acc ess or Node Out- of -band Access > Node Sorting Options > By Node Nam e [...]
-
Page 380
Appendix C : User Group Privilege s 362 Menu > Sub-menu Menu Item Required Privilege Description Node Out- of -Band Access or Node Power Control > Tree View Any of the following: Device, Port, and Nod e Management or Node In-band Acc ess or Node Out- of -band Access or Node Power Control Associations This menu is available only for users with[...]
-
Page 381
Appendix C : User Group Privilege s 363 Menu > Sub-menu Menu Item Required Privilege Description > User Group Data User Managem ent > Devices > Device Asset Report Device, Port, and Nod e Management or Device Configuration and Upgrad e Management > Device Group Data Device, Port, and Nod e Management > Query Port Device, Port, and[...]
-
Page 382
Appendix C : User Group Privilege s 364 Menu > Sub-menu Menu Item Required Privilege Description Firmware CC Setup and Contr ol or Device Configuration an d Upgrade Managem ent Configuration CC Setup and Contr ol Cluster Configuration CC Setup and Contr ol Neighborhood CC Setup and Contr ol Security CC Setup and Contr ol Notifications CC Setup a[...]
-
Page 383
Appendix C : User Group P rivilege s 365 Menu > Sub-menu Menu Item Required Privilege Description Export Nodes CC Setup and Contr ol and Device, Port, and Nod e Management Export Devices CC Setup and Contr ol and Device, Port, and Nod e Management Export Power IQ Data CC Setup and Contr ol and Device, Port, and Nod e Management System Maintenanc[...]
-
Page 384
366 CC -SG provides the f ollowing SNMP traps: SNMP T rap Description ccUnavailable CC -SG application is un available. ccAvailable CC -SG application is a vailable. ccUserLogin CC -SG user logged in. ccUserLogout CC -SG user logged out. ccPortConnectionStarted CC -SG session started. ccPortConnectionStopp ed CC -SG session stopp ed. ccPortConnecti[...]
-
Page 385
Appendix D : SNMP Trap s 367 SNMP T rap Description ccDiagnosticConsoleL ogout User has logged out of the CC -SG Diagnostic Console. ccUserGr oupAdded A new user group h as been added t o CC-SG. ccUserGr oupDeleted CC -SG user group has been deleted. ccUserGr oupModified CC -SG user group has been m odified. ccSuperuserNam eChanged CC -SG Superuser[...]
-
Page 386
368 This section contains m ore inform ation about CSV file im ports. In This Chapter Comm on CSV File Requirem ents ......................................................... 369 Audit Trail Entries f or Importing ............................................................. 370 Troubleshoot CSV File Problems .......................................[...]
-
Page 387
Appendix E : CSV File I m ports 369 Common CSV File Requirements The best wa y to create the CSV file is to ex port a file from CC -SG, a nd then use the exported C SV file as an exam ple for creating your own. The export file contains com ments at the top that describe each item in the file. The comm ents can be used as instructions f or creating [...]
-
Page 388
Appendix E : CSV File I m ports 370 A udit Trail Entries for Importing Each item im ported into CC- SG is logged in the Audit T rail. Skipped duplicates are not logg ed in the Audit Trail. The Audit Trail includes a n entry for the f ollowing actions, under the Message T ype "Configuration." Import of CSV file start ed Import of C[...]
-
Page 389
Appendix E : CSV File I m ports 371 Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages app ear in the Problem s area of the Import page. T he error m essages identify problem s that are found in the CSV file during validation. You can save the list of err ors to a CSV file. Each error includes t he line num ber where[...]
-
Page 390
372 Launching CC-SG fr om y o ur web browser requires a Java plug -in. If your machine has an i ncorrect version, CC -SG wil l guide you through the installat ion steps. If your machine does not ha ve a Java plug-in, CC-SG can not autom atically launch. In t his case, you m ust uninstall or disable your old Java version a nd provide serial port[...]
-
Page 391
Appendix F : Troubleshoo t ing 373 If you access m ore than one CC- SG unit using the sa me client and Firefox, you m ay see a "Secure Connection Fa iled" message that says you have an inval id certificate. You can res ume acces s by clearing the invalid cert ificate from you r browser. a. In Firefox, choose T ools > Options. b. Cl[...]
-
Page 392
374 CC -SG com es with a few diagnostic utilities which ma y be extremely helpful for you or Rar itan Technical Supp ort to anal y s e and debug the cause of CC-SG pro blems. In This Chapter Memor y D iagnostic ................................................................ ................ 374 Debug Mode ..........................................[...]
-
Page 393
Appendix G : Diagnostic U tilities 375 Capture the Mem test86+ screen containing the memor y errors and contact Raritan T echnical S upport for assistance. Shut down CC- SG and re-install the m emor y DI MM modu les to ensure the contact is g ood. Then perf orm the Memtest86+ diagnostic to verif y if the mem ory issue is resolved. 2: Termin[...]
-
Page 394
Appendix G : Diagnostic Utilities 376 CC -SG Disk Monitoring If CC-SG disk space exhaustion in one or m ore file s y s tems occurs, it may negativel y impact your operation an d even results in the loss of some engineering dat a. Therefore, you should monitor the CC -SG disk usage and take c orrective actions to pre vent or resolve potentia l issue[...]
-
Page 395
Appendix G : Diagnostic U tilities 377 File system Data Corrective action /sg/DB CC -SG database Contact Raritan Tec hnical Support /opt CC -SG backups and snapshots 1. Save any new snapsh ot files on a remote client PC. See Take a System Snapshot ( on page 335 ) for the retrieval procedure. 2. Enter the S y s tem Snapshot menu. See T ake a System [...]
-
Page 396
Appendix G : Diagnostic Utilities 378 Note: For file system problems that are n ot mentioned in th is section, or when the corrective ac tions you take ca nnot resolve the prob lems, contact Raritan Techn ical Support for assista nce.[...]
-
Page 397
379 CC -SG can be configured t o point to an RSA RADI US Server that supports two-factor au thentication via an associated RSA Authen ticat ion Manager. CC-SG acts as a RADIUS clie nt and sends user auth entication requests to RSA RADIU S Server. T he authentication r equest includes user id, a fixed pass word, and a dynam ic token code. In This Ch[...]
-
Page 398
380 In This Chapter General FAQs ........................................................................................ 380 Authentication FAQs .............................................................................. 382 Security FAQs ....................................................................................... 383 Accounting FAQs[...]
-
Page 399
Appendix I : FAQs 381 Question Answer access CC- SG. Can I upgrade to n ewer versions of CC- SG software as they becom e available? Yes. Contact your authorized Raritan sales representative or Raritan, Inc. directl y. How man y nodes and/or Dominion units and/or IP -Reach units can be connected to CC- SG? There is no specif ied limit to the number [...]
-
Page 400
Appendix I : FAQs 382 Question Answer is the most eff ective and cost -efficient way to scale a single location. It also su pports the network model with IP-Reac h and the IP User S tation (UST-IP). The network model scales through use of th e TCP/IP network and aggregates access through CC -SG, so users don't have to kno w IP addresses or the[...]
-
Page 401
Appendix I : FAQs 383 Question Answer for authentication wit h directory services and security tools such as LD AP, AD, RADIUS, and so on? authentication. Remote authentica tion servers supported i nclude: AD, TACACS+, RADIU S, and LDAP. W hy d oes the error m essage "Incorrect usernam e and/or password" appear after I correctly enter a v[...]
-
Page 402
Appendix I : FAQs 384 Question Answer well as external (not jus t W AN, but LAN, too)? LAN or W AN. Does CC-SG support CRL List, that is, LDAP l ist of invalid certificates? No. Does CC-SG support Client Certificate Request? No. A ccounting F AQs Question Answer Accounting The event times in t he Audit Trail report seem incorrect. W hy ? Log event [...]
-
Page 403
Appendix I : FAQs 385 Grouping FAQs Question Answer Grouping Is it possible to put a g iven server in m ore than one group? Yes. Just as one user c an belong to m ultiple groups, one device can belong t o multiple groups. For exam ple, a Sun in NYC could be part of Gr oup Sun: "Ost ype = Solaris" an d Group New York : "location = NYC[...]
-
Page 404
Appendix I : FAQs 386 Interoperability FAQs Question Answer Interoperabilit y How does CC-SG integrate with Blade Chassis products? CC -SG can support any device with a KVM or seri al interface as a transpare nt pass -through. To what level is CC -SG able to integrate with thir d party KVM tools, down to t hird party KVM port level or simply box le[...]
-
Page 405
Appendix I : FAQs 387 Licensing FAQs If you must replace your installed licenses, f ollo w these rules. Base licenses m ust be replaced first. For exam ple, if replacing stand-alon e licenses CC- E1 -512 and CCL -512 with cluster l icenses CC -2XE1-512 and C CL-512, the base license CC- E1 -512 m ust be replaced bef ore replacing the CCL -512 add-o[...]
-
Page 406
388 The following ke yboard shortcuts can be used in the Java -based Adm in Client. Operation Keyboard Shortcut Refresh F5 Print panel Ctrl + P Help F1 Insert row in Assoc iations table Ctrl + I A p pendix J Keyboard Shortcuts[...]
-
Page 407
389 This appendix includes i nformation about th e naming convent ions used in CC-SG. Com ply with the m aximum character lengths when nam ing all the parts of your CC-SG configuration. In This Chapter User Inform ation .................................................................................... 389 Node Inform ation .......................[...]
-
Page 408
Appendix K : Naming Co nventions 390 Field in CC- SG Number of characters CC- SG allows Audit Inform ation 256 Location Information Field in CC- SG Number of characters CC- SG allows Department 64 Site 64 Location 128 Contact Information Field in CC- SG Number of characters CC- SG allows Primar y C ontact Nam e 64 Telephone Num ber 32 Cell Phone 32[...]
-
Page 409
Appendix K : Naming Co nventions 391 Field in CC- SG Number of characters CC- SG allows periods are converted t o hyphens. Device Description 160 Device IP/Hostnam e 64 Usernam e 64 Password 64 Notes 256 Port Information Field in CC- SG Number of characters CC- SG allows Port Nam e 32 A ssocia tions Field in CC- SG Number of characters CC- SG allow[...]
-
Page 410
392 Prior to version 4.0, CC -SG Diagnost ic Console displays a n umber of messages on the sc reen each time when it boots up. These m essages are standard Linux diagnostic and warning m ess ages and usuall y do not imply any system problems. T he table offers a short introduction to a few frequent mess ages. Message Description hda: The mess age i[...]
-
Page 411
393 A About Adm inistrator Con sole • 296, 303 About Applications f or Accessing Nodes • 238 About Associations • 41 About CC- SG L AN Ports • 242, 243, 24 6 About CC- SG pass words • 269 About Connection Mo des • 102, 128, 250 About Default Applica tions • 240 About Interfaces • 102 , 250 About LDAP and CC- SG • 201 About Network[...]
-
Page 412
Index 394 Adding, Editing, and D eleting Node Groups • 150 Adding, Editing, and D eleting Nodes • 109 Add ing, Editing, and D eleting User Groups • 108, 159 Adding, Editing, and D eleting Users • 163 Administration • 391 Administrator Consol e • 303 Administrator Consol e Screen • 304 Advanced Adm inistration • 164, 165, 191, 195, 2[...]
-
Page 413
Index 395 Change your default s earch preference • 52, 172 Change your em ail address • 173 Change your nam e • 172 Change your password • 172 Changing the Blade Server Status • 6 6 Check Your Browser f or AES Encr yption • 267 Checking and Upgradi ng Application Vers ions • 32, 238 Checking the Com patibility Matrix • 31 Clear the [...]
-
Page 414
Index 396 Default CC- SG Sett ings • 23 Default User Groups • 1 58 Delete a Backup Fi le • 224 Delete a Blade Chas sis Device • 67, 68 Delete a Categor y • 43 Delete a Cluster • 2 60 Delete a Custom View for Devices • 185 Delete a Custom View for Nodes • 182 Del ete a Device Gro up • 76 Delete a Neighborhood • 266 Delete a Neigh[...]
-
Page 415
Index 397 End SSH Connections • 290, 292 Ending CC- SG Sess ion • 235 Entering Maintenanc e Mode • 32, 222, 230, 232, 238 Error Log Report • 211 Estab lishing Order of External AA Servers • 190 Example Adding a W eb Browser Interface to a PX Node • 133, 134 Exit CC- SG • 235, 236 Exiting Maintenance Mo de • 222, 231 Export Categorie[...]
-
Page 416
Index 398 Licensing - Ne w Customers - Physical Appliance • 10, 11, 12, 14, 16 Licensing - Rehost ing • 29 Licensing - Virtual Ap pliance with License Server • 10, 11, 17 Licensing FAQs • xv ii, 30, 387 Limit the Num ber of KVM Sessions per User • 39, 159, 160, 162 Linux Server • 18, 21 Location Inform ation • 390 Locked Out Users Rep[...]
-
Page 417
Index 399 Q Query Port Report • 21 5 R RADIUS General S ettings • 206 RDP Access to Nodes • 355 Reboot CC- SG with Diagnostic Conso le • 3 16, 336, 374 Reboot or Force Rebo ot a Virtual Host No de • 123 Recomm ended DHCP Configurations f or CC - SG • 242, 244 , 247, 248 Recover a Cluster • 259 Refresh a Neighborho od • 266 Remote Au[...]
-
Page 418
Index 400 Specify a Distinguished N am e for AD • 188 Specify a Distinguished N am e for LDAP • 189 Specify a U sernam e for AD • 189 Specifying Modules f or Authentication and Authorization • 189 SSH Access to CC- SG • 26 8, 285 SSH Access to Nodes • 356 SSH Comm ands and Param eters • 287 Start the License Ser ver • 21 Status Cons[...]
-
Page 419
Index 401 Virtual Appliance Insta llation Requirem ents • 17 Virtual Appliances with Rem ote Storage Servers • 27 Virtual Nodes Over view • 113 VNC Access to Nodes • 356 vSphere 4 Users M ust Install New Plug - In • 121 W W eb Brow s er Interface • 1 26, 133 W eb Servi c es API • 294 W hat is a Neighborhood? • 242, 262 , 263, 265 W [...]
-
Page 420
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800- 724 -8090 or 73 2-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732- 764 -8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Beijing Monday - Friday [...]